Allow enforcing limits on response sizes consumed

Open rosstimothy opened this issue 8 months ago • 1 comment

Preflight Checklist

  • [x] I could not find a solution in the existing issues, docs, nor discussions
  • [x] I have joined the ZITADEL chat

Describe your problem

All HTTP responses are consumed in full without a way to configure an upper bound. https://github.com/zitadel/oidc/blob/7cc5fb656818b9da48d34252c186b3d715cf2af0/pkg/http/http.go#L65

Describe your ideal solution

There exists a way to set a limit that is enforced when reading HTTP response bodies.

Version

No response

Additional Context

No response

rosstimothy, Apr 16 '25 19:04

Thanks for reporting. We could use https://pkg.go.dev/io#LimitReader instead,

muhlemmer, Apr 30 '25 09:04
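
An added illustration of the `io.LimitReader` approach suggested in the comment above; it is not code from zitadel/oidc, and `readBounded`, `fetchBounded` and `ErrBodyTooLarge` are hypothetical names. It reads one byte past the limit so an oversized body is rejected rather than silently truncated, and runs against a constructed local test server.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ErrBodyTooLarge is a hypothetical sentinel error, not part of zitadel/oidc.
var ErrBodyTooLarge = errors.New("response body exceeds limit")

// readBounded returns the body only if it fits in limit bytes. The LimitReader
// is given limit+1 so that "exactly at the limit" and "over the limit" differ.
func readBounded(r io.Reader, limit int64) ([]byte, error) {
	body, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(body)) > limit {
		return nil, ErrBodyTooLarge
	}
	return body, nil
}

// fetchBounded performs a GET and applies readBounded to the response body.
func fetchBounded(client *http.Client, url string, limit int64) ([]byte, error) {
	resp, err := client.Get(url)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	return readBounded(resp.Body, limit)
}

func main() {
	// Constructed test server that answers every request with a 1 MiB body.
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		io.WriteString(w, strings.Repeat("A", 1<<20))
	}))
	defer srv.Close()

	_, err := fetchBounded(srv.Client(), srv.URL, 64<<10) // 64 KiB cap: rejected
	fmt.Println("64 KiB limit:", err)
	body, err := fetchBounded(srv.Client(), srv.URL, 2<<20) // 2 MiB cap: accepted
	fmt.Println("2 MiB limit:", len(body), err)
}
```

At most limit+1 bytes are ever buffered, whatever the server sends.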