Add a middleware to enforce request size limits #40452

Open
pranavkm opened this issue Feb 28, 2022 · 5 comments
Labels
area-middleware: Includes URL rewrite, redirect, response cache/compression, session, and other general middlewares
area-networking: Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions
Needs: Design: This issue requires design work before implementing.

Comments

pranavkm (Contributor) commented Feb 28, 2022

A couple of limits are enforced by MVC filters. In addition, as part of the Request Decompression middleware (#40080), limits specified by RequestSizeLimitAttribute are enforced for compressed requests if the middleware is present (e.g. Content-Encoding: gz), but not for regular requests.

The suggestion is to introduce a new middleware that can enforce request size limits. The middleware's primary role is to configure existing HTTP features based on the presence of attributes on endpoints. In addition to this, we can have endpoint middleware enforce that the middleware was present if it detects endpoints with size limiting attributes.
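
A sketch of the middleware proposed above, added here as an example; it is not code from this issue or from ASP.NET Core. It assumes .NET 7 or later, where `RequestSizeLimitAttribute` surfaces as `IRequestSizeLimitMetadata`; the class name, the `InvokedKey` marker and the `EnsureRan` helper are hypothetical.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Features;
using Microsoft.AspNetCore.Http.Metadata;
using Microsoft.Extensions.Logging;

// Hypothetical middleware for illustration; not an ASP.NET Core type.
// Register after UseRouting() so the endpoint is already selected.
public sealed class EndpointRequestSizeLimitMiddleware
{
    // Marker a later pipeline stage can look for (assumed key name).
    public const string InvokedKey = "__RequestSizeLimitMiddlewareInvoked";

    private readonly RequestDelegate _next;
    private readonly ILogger<EndpointRequestSizeLimitMiddleware> _logger;

    public EndpointRequestSizeLimitMiddleware(
        RequestDelegate next, ILogger<EndpointRequestSizeLimitMiddleware> logger)
        => (_next, _logger) = (next, logger);

    public Task InvokeAsync(HttpContext context)
    {
        context.Items[InvokedKey] = true;
        // Size-limit attributes on the endpoint are read as metadata and
        // applied to the server's existing body-size feature.
        var limit = context.GetEndpoint()?.Metadata.GetMetadata<IRequestSizeLimitMetadata>();
        if (limit is not null)
        {
            var feature = context.Features.Get<IHttpMaxRequestBodySizeFeature>();
            if (feature is null)
                _logger.LogWarning("Server exposes no max request body size feature.");
            else if (feature.IsReadOnly)
                _logger.LogWarning("Body is already being read; the limit cannot be changed.");
            else
                feature.MaxRequestBodySize = limit.MaxRequestBodySize; // null = no limit
        }
        return _next(context);
    }

    // Presence check from the proposal: fail if an endpoint carries size-limit
    // metadata but this middleware never ran for the request.
    public static void EnsureRan(HttpContext context)
    {
        var hasLimit = context.GetEndpoint()?.Metadata.GetMetadata<IRequestSizeLimitMetadata>() is not null;
        if (hasLimit && !context.Items.ContainsKey(InvokedKey))
            throw new InvalidOperationException("Endpoint has size-limit metadata but the size limit middleware is missing.");
    }
}
```

The two warning branches leave the server default limit in place rather than rejecting the request; whether that should fail closed instead is a design choice this sketch does not settle.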

@pranavkm (Contributor, Author)

FYI @halter73 / @Tratcher

@adityamandaleeka added the Needs: Design label Feb 28, 2022
@adityamandaleeka added this to the .NET 7 Planning milestone Feb 28, 2022
ghost commented Feb 28, 2022

Thanks for contacting us.

We're moving this issue to the .NET 7 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue during our next planning meeting(s).
If we later determine that the issue has no community involvement, or that it's a very rare and low-impact issue, we will close it so that the team can focus on more important and high-impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

ghost commented Sep 9, 2022

Thanks for contacting us.

We're moving this issue to the .NET 8 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue during our next planning meeting(s).
If we later determine that the issue has no community involvement, or that it's a very rare and low-impact issue, we will close it so that the team can focus on more important and high-impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

@Tratcher (Member)

YARP needs this too: dotnet/yarp#640

@amcasey added the area-middleware and area-networking labels and removed the area-runtime label Aug 24, 2023
@amcasey modified the milestones: .NET 8 Planning, Backlog Feb 14, 2024