httpbin
feat: Add optional feature to decompress encoded request body
This PR addresses #577. Because of Zip Bomb attacks, this feature is disabled by default and should only be turned on when running httpbin locally, as follows:
docker run --env UNSAFE_BODY_DECOMPRESSION=1 -p 80:80 kennethreitz/httpbin
There are valid use cases where a server is going to receive payloads only from a trusted source that will be compressed and this can help testing around those.
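An added example, not code from this PR or from httpbin: one way to decompress a `Content-Encoding` request body while capping the output, so a zip bomb is rejected after a bounded amount of work instead of being fully inflated. The function name, the exception class and the 64 KiB cap are assumptions chosen for illustration.

```python
import zlib

MAX_DECOMPRESSED = 64 * 1024  # assumed cap; set to the largest body you expect


class BodyTooLarge(Exception):
    """The decompressed body would exceed the configured cap."""


def bounded_decompress(data, encoding, limit=MAX_DECOMPRESSED):
    """Decompress a request body per Content-Encoding, never holding
    more than limit + 1 bytes of output in memory."""
    encoding = encoding.strip().lower()
    if encoding in ("", "identity"):
        if len(data) > limit:
            raise BodyTooLarge("body exceeds %d bytes" % limit)
        return data
    if encoding == "gzip":
        wbits = 16 + zlib.MAX_WBITS   # expect a gzip header and trailer
    elif encoding == "deflate":
        wbits = zlib.MAX_WBITS        # HTTP "deflate" is a zlib-wrapped stream
    else:
        raise ValueError("unsupported Content-Encoding: %r" % encoding)

    d = zlib.decompressobj(wbits)
    out = bytearray()
    buf = data
    while not d.eof:
        # max_length bounds the output of this call; asking for one byte
        # past the cap is enough to detect an oversized body.
        chunk = d.decompress(buf, limit + 1 - len(out))
        out += chunk
        if len(out) > limit:
            raise BodyTooLarge("decompressed body exceeds %d bytes" % limit)
        buf = d.unconsumed_tail
        if not chunk and not buf and not d.eof:
            # No input left, no output produced, stream not finished.
            raise ValueError("truncated compressed body")
    return bytes(out)
```

The key point is passing `max_length` to `decompress()`: a one-shot `gzip.decompress(body)` or `zlib.decompress(body)` allocates the full output before any size check can run.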
Good idea