Request Size Limit
I have read through the docs, mostly app and middleware, but I cannot figure out how to set the request size limit. Or if it doesn't let one set that, it seems like a potential DoS and this becomes a request for feature.
As far as I recall, Crow's parser only has a limit for the size of headers (the entire request except the body, to be specific), which can be set via -DCROW_HTTP_MAX_HEADER_SIZE <value> and defaults to 80 * 1024 bytes. Would it be a good idea to limit the body size as well? (Since the only processing that occurs on the body just makes sure that the content length is correct.)
The body is allocated locally and it takes time/memory. It would be great to have a per route limit or per app limit, but a definition is better than none too. Resource exhaustion can be an issue.
I think a per app limit with a per route / blueprint override would be a good addition.
The problem is that max_header_size is static and is used all over the HTTP parser, which runs at first level - before the app, the router and any middleware.
To detect what route/blueprint we're requesting, we have to parse the HTTP request first 😄 To then customize parsing the request... That means that parsing has to be done step by step.
The current parser is very hard to refactor, it's actually even hard to read. I doubt this is doable in the foreseeable future 😢
If you want your API to be safe, you can proxy requests through a server like nginx or Apache, where all settings can be tuned.
@dranikpg You raise a good point, getting the limit from the app would be possible, since the connection (which contains the app) runs before the parser.
But figuring out the BP or Route would require altering the parser (or at least the callbacks in the wrapper) to go through the routing process once the Method / URL.
I agree with you on the parser being difficult to deal with, but I've read through it, and even modified it. So if you need anything related to it let me know ;)
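An added sketch, not part of the thread and not Crow's code, of the per-app body cap discussed above: reject on a declared Content-Length at header completion, and count bytes as body fragments arrive so that chunked bodies are bounded too. The names BodyLimiter, on_headers and on_body are hypothetical, and a parser that reports header completion and body fragments through callbacks is assumed.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

// Hypothetical names throughout; this is not Crow's parser or API.
enum class BodyStatus { Ok, TooLarge };

class BodyLimiter {
public:
    explicit BodyLimiter(std::size_t max_body) : max_body_(max_body) {}
    // Call when headers are complete. A declared Content-Length above the
    // limit is rejected before a single body byte is buffered.
    BodyStatus on_headers(bool has_content_length, std::uint64_t content_length) {
        if (has_content_length && content_length > max_body_) return fail();
        return BodyStatus::Ok;
    }
    // Call for each body fragment. Covers chunked transfer encoding,
    // where no length is declared up front.
    BodyStatus on_body(const char* data, std::size_t len) {
        if (failed_) return BodyStatus::TooLarge;
        // Compare against the remaining room so the sum cannot overflow.
        if (len > max_body_ - body_.size()) return fail();
        body_.append(data, len);
        return BodyStatus::Ok;
    }
    const std::string& body() const { return body_; }
    // 413 Payload Too Large once the cap was hit, 200 otherwise.
    int status_code() const { return failed_ ? 413 : 200; }
private:
    BodyStatus fail() {
        failed_ = true;
        body_.clear();
        body_.shrink_to_fit();  // request release of what was buffered
        return BodyStatus::TooLarge;
    }
    std::size_t max_body_;
    std::string body_;
    bool failed_ = false;
};

int main() {
    BodyLimiter limiter(8);  // constructed 8-byte cap for the demo
    limiter.on_headers(false, 0);       // chunked: no Content-Length
    limiter.on_body("abcd", 4);
    limiter.on_body("efghi", 5);        // pushes the total to 9 bytes
    std::cout << limiter.status_code() << "\n";
    return 0;
}
```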