On 12/12/2016 08:39 PM, Evgeny Grin wrote:
> Hi,
>
>> I am provoking a request for 'Payload too large' for our MHD server, by
>> using curl sending a short request (~25 bytes) but adding a Content-Len
>> header of a lot more (2 megabytes).
>
> To clarify: you are not providing some large request body, you have just
> added Content-Length header?
>
>> In our case the maximum payload we accept is a megabyte.
>>
>> So, in the mhd callback routines we detect the Content-Len header (and
>> probably read the 25 bytes of payload as well, haven't checked) and when
>> we see that the Content-Len header value is beyond our allowed max size,
>> we want to return a response with a payload telling the user about the
>> error.
>>
>> We've tried to set the upload_data_size pointer to point to ZERO,
>> awaiting the last call to the callback, but it never comes.
>>
>> Probably due to that MHD still believes there is more data to read.
>>
>> Using MHD_OPTION_CONNECTION_TIMEOUT, at least the connection resets
>> instead of hangs, but ... we'd like to send that response ...
>>
>> Is there any way to accomplish what we want?
>
> If request has header that indicated 2megs size of request body, MHD
> will read whole request before sending response. So if request has only
> header indicating that body is 2MB, but body is absent or smaller - MHD
> will wait for whole 2MB (indefinitely or until timeout).
>
> If your request is real 2MB size and you don't want to process it, you
> can read whole 2MB, but ignore it and send response with error.
> Alternatively - you can abort connection, but if client is web-browser,
> it will repeat sending request.
>

Actually, I think this is a "100 continue"-question. *IF* the client is
using the "Expect" header to indicate that it is waiting for the
100-Continue response (which it should for HTTP/1.1), THEN you can avoid
receiving the 2 MB upload by immediately (upon the first time you get the
main callback) queueing a response. So you do not wait until you get
_any_ upload data.

That's really why MHD calls the callback 2+x times for POST: 1x to give
you a chance to reject, x-times to process upload data, and finally to
give you a chance to reply. So if on the very first callback (when all
you have is the headers) you find that the client supports/requires
100-continue (or an error), then DO reply immediately with your error
code and a (compliant) client will not even attempt the upload.

Happy hacking!

Christian
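
The header-only decision discussed in this thread, as an added example that is not code from MHD or from either poster. All names are hypothetical; in an MHD handler the two header strings would come from MHD_lookup_connection_value() on the first callback, and the sizes are constructed to match the thread (2 MB declared, 1 MB allowed).

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* All names here are hypothetical; none come from MHD or from the thread. */
enum upload_verdict {
  UPLOAD_ACCEPT,           /* let the upload proceed */
  UPLOAD_REJECT_EARLY,     /* Expect: 100-continue present: queue the error now */
  UPLOAD_REJECT_NO_EXPECT, /* too large, body may already be in flight */
  UPLOAD_BAD_LENGTH        /* Content-Length is not a plain decimal number */
};

/* Strict decimal parse: digits only, no sign, no whitespace, no overflow. */
static int parse_content_length(const char *s, uint64_t *out) {
  uint64_t v = 0;
  if (s == NULL || *s == '\0') return -1;
  for (; *s != '\0'; s++) {
    if (!isdigit((unsigned char)*s)) return -1;
    uint64_t d = (uint64_t)(*s - '0');
    if (v > (UINT64_MAX - d) / 10) return -1; /* v * 10 + d would wrap */
    v = v * 10 + d;
  }
  *out = v;
  return 0;
}

/* ASCII case-insensitive comparison for the Expect token. */
static int token_equals(const char *a, const char *b) {
  for (; *a != '\0' && *b != '\0'; a++, b++)
    if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
  return *a == '\0' && *b == '\0';
}

/* Decide from the request headers alone, as on the first callback. */
enum upload_verdict classify_upload(const char *content_length,
                                    const char *expect, uint64_t max_body) {
  uint64_t len;
  if (content_length == NULL) return UPLOAD_ACCEPT; /* assumption: cap enforced while reading */
  if (parse_content_length(content_length, &len) != 0) return UPLOAD_BAD_LENGTH;
  if (len <= max_body) return UPLOAD_ACCEPT;
  if (expect != NULL && token_equals(expect, "100-continue")) return UPLOAD_REJECT_EARLY;
  return UPLOAD_REJECT_NO_EXPECT;
}

int main(void) {
  /* Constructed values matching the thread: 2 MB declared, 1 MB allowed. */
  printf("%d\n", classify_upload("2097152", "100-continue", 1048576));
  printf("%d\n", classify_upload("2097152", NULL, 1048576));
  return 0;
}
```

UPLOAD_REJECT_NO_EXPECT is the case from the quoted reply: without Expect the server either reads and discards the declared body before answering or aborts the connection.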
