Allow users to configure max response body size #224

Open
sneako opened this issue Apr 24, 2023 · 0 comments

sneako commented Apr 24, 2023

The main goal is to provide some safety in case a client receives an unexpectedly large response which would use more memory than desired.

Work was started here #182

Cl0v1s pushed a commit to BDX-town/Akkoma that referenced this issue Apr 1, 2024
To save on bandwidth and avoid OOMs with large files.
Ofc, this relies on the remote server
 (a) sending a content-length header and
 (b) being honest about the size.

Common fedi servers seem to provide the header and (b) at least raises
the required privilege of a malicious actor to a server infrastructure
admin of an explicitly allowed host.

A more complete defense which still works when faced with
a malicious server requires changes in upstream Finch;
see sneako/finch#224
animeavi pushed a commit to animeavi/pleroma that referenced this issue Apr 3, 2024
To save on bandwidth and avoid OOMs with large files.
Ofc, this relies on the remote server
 (a) sending a content-length header and
 (b) being honest about the size.

Common fedi servers seem to provide the header and (b) at least raises
the required privilege of a malicious actor to a server infrastructure
admin of an explicitly allowed host.

A more complete defense which still works when faced with
a malicious server requires changes in upstream Finch;
see sneako/finch#224
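
The two checks the commit messages above contrast, as an added Elixir example that is not code from Finch, Akkoma or Pleroma: a declared Content-Length check, then a byte count over the arriving chunks that still holds when the header is missing or dishonest. The `BodyCap` module, its function names and the sample responses are constructed for illustration, and header names are assumed to be lowercased.

```elixir
defmodule BodyCap do
  # Stage 1: reject early when the declared Content-Length exceeds the cap.
  # Only helps when the header is present, parseable and honest.
  def check_declared(headers, max) do
    case List.keyfind(headers, "content-length", 0) do
      {_, value} ->
        case Integer.parse(value) do
          {n, ""} when n > max -> {:error, {:declared_too_large, n}}
          # Within the cap, or unparseable: leave the decision to stage 2.
          _ -> :ok
        end

      nil ->
        :ok
    end
  end

  # Stage 2: count bytes as chunks arrive and stop at the cap, whatever the
  # header claimed. Buffered data never exceeds max; reading stops at the
  # first chunk that crosses it.
  def read_capped(headers, chunks, max) do
    with :ok <- check_declared(headers, max) do
      chunks
      |> Enum.reduce_while({:ok, [], 0}, fn chunk, {:ok, acc, size} ->
        size = size + byte_size(chunk)

        if size > max do
          {:halt, {:error, {:body_too_large, size}}}
        else
          {:cont, {:ok, [acc, chunk], size}}
        end
      end)
      |> case do
        {:ok, acc, _size} -> {:ok, IO.iodata_to_binary(acc)}
        error -> error
      end
    end
  end
end

# Constructed sample responses: honest, over-declared, lying, and header-less.
max = 10
IO.inspect(BodyCap.read_capped([{"content-length", "4"}], ["abcd"], max))
IO.inspect(BodyCap.read_capped([{"content-length", "4000"}], ["abcd"], max))
IO.inspect(BodyCap.read_capped([{"content-length", "4"}], ["abcdefgh", "ijklmnop"], max))
IO.inspect(BodyCap.read_capped([], ["abcdefgh", "ijklmnop"], max))
```

The last two calls are the cases the header check alone misses: both are stopped by the byte count at the second chunk.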