Changes between Initial Version and Version 1 of Ticket #30669, comment 7
- Timestamp:
- Jul 31, 2019, 4:33:15 AM (5 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #30669, comment 7
initial v1 4 4 5 5 The only difference here is we have this extra buffer layer. (So we read the bytes, presumably to disk, twice, for the length of the request.) 6 7 8 **Update**: A quick survey of the landscape suggests the nginx-like layer is ‘’where this is handled’’. Neither werkzeug, nor gunicorn, nor Daphne, nor uvicorn enforce total request size, it seems because they don’t buffer the whole request to be able to check. Like Django, Flask requires you to consume the request before you can check the size. ([https://github.com/pallets/werkzeug/issues/1513 Issue on Werkzeug summarising some discussions].) 9 10 Comment from Tom Christie when I asked his opinion: 11 12 > I think the right answer to this is: middleware for app-level protection. Nginx or whatever platform-level gateway you're on for added robustness.