grpc-go icon indicating copy to clipboard operation
grpc-go copied to clipboard
Published 2 weeks ago verified publisher icon grpc

Phase in MAX_HEADER_LIST_SIZE default value of 8KB

Open dfawley opened this issue 7 years ago • 2 comments

Currently we have no default value for MAX_HEADER_LIST_SIZE, meaning metadata may be unlimited in size. Both C and Java implementations default to 8KB. This is done for security reasons (protecting server memory). We should phase this in for grpc-go by doing 1-2 releases with a note recommending manually setting the option higher if necessary, and then setting the default value to 8KB.

cc @markdroth @ejona86

dfawley avatar Sep 17 '18 16:09 dfawley

As discussed in-person, we could also initially issue a warning when a too-large metadata. Later the warning would turn into an actual enforcement.

ejona86 avatar Sep 17 '18 17:09 ejona86

https://github.com/grpc/grpc-go/issues/4265 is related to this issue, since the current settings are different between the C, Java, and Go implementations.

evanj avatar Mar 29 '22 17:03 evanj