restinio icon indicating copy to clipboard operation
restinio copied to clipboard

Published 20 hours ago verified publisher icon Stiffstream

Streaming Request Body

Open webfolderio opened this issue 6 years ago • 3 comments

Hi,

From the Restinio doc.:

Request handler

Body can be accesed by request_t::body() function which returns a reference to std::string.

Why do you preferred std::string instead of a suitable stream type? I couldn't figure out what happen if http client sends request body which does not fit in the memory?

webfolderio avatar Mar 08 '19 12:03 webfolderio

Hi!

The main use case for RESTinio was (and I suppose still is): take a get/post request, post it for async processing to some another work thread, take a result and send the result back. In our scenarios all requests had some reasonable size.

eao197 avatar Mar 08 '19 14:03 eao197

Thanks for the clarification.

My main concern is to buffer attacks. consume_data(const char *, std::size_t) did not prevent vulnerability to buffer attacks. I know that there is a timeout setting that rejects long requests but it might be still good idea to an optional setting to limit request body size.

webfolderio avatar Mar 08 '19 16:03 webfolderio

but it might be still good idea to an optional setting to limit request body size.

I think you're right -- it looks like a good idea. We'll try to address this in the next update for RESTinio. But it hard to predict when this update will be released because we are busy on other projects now and the next free timeslot will be only after a week or two from now :(

eao197 avatar Mar 09 '19 06:03 eao197