H3
-
|
What's the recommended way to limit request body size in h3? (basically need middleware to reject requests over certain size before body parsing) In express it was app.use(express.json({limit: '20mb'}))The only thing in mind to solve this now is checking |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
You are right. Checking Safest approach is always putting your service behind a reverse proxy (like nginx) or CDN that makes sure request size limit is applied from outer layer. We could also do it in runtime by measuring read body. There is an open issue you can track when it becomes available (#859) |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for your fast response, goat <3 |
Beta Was this translation helpful? Give feedback.
You are right. Checking
content-lengthalone is not enough and can be bypassed via request streaming.Safest approach is always putting your service behind a reverse proxy (like nginx) or CDN that makes sure request size limit is applied from outer layer.
We could also do it in runtime by measuring read body. There is an open issue you can track when it becomes available (#859)