Yann Simon
Yann Simon
Thanks for the report! If using the DefaultBodyLimit is possible, I'd vote for this.
yes exactly, I think that this is a good default.
Thanks! How would we force `Host` and `Schema` to use this? We would remove the `FromRequestParts` for them right?
To finish this PR: could you use this for `Host` and `Schema`? In the documentation, should we link to https://owasp.org/www-community/pages/attacks/ip_spoofing_via_http_headers? or is it better not to have any link, but...