Comments (3)
Thanks for reporting this, but I don't think there's any need for such a patronising tone. This is the first issue you've raised here and it's not a great first impression.
You haven't said which embedded web server you're using so I cannot talk about the specifics of your particular situation. What I can say is that Boot's server.max-http-request-header-size is mapped onto the following APIs in each web server:
- org.apache.coyote.http11.AbstractHttp11Protocol.setMaxHttpRequestHeaderSize(int)
  Maximum size of the HTTP request message header.
  The maximum permitted size of the request line and headers associated with an HTTP request, specified in bytes. This is compared to the number of bytes received so includes line terminators and whitespace as well as the request line, header names and header values.
- org.eclipse.jetty.server.HttpConfiguration.setRequestHeaderSize(int)
  Larger headers will allow for more and/or larger cookies plus larger form content encoded in a URL. However, larger headers consume more memory and can make a server more vulnerable to denial of service attacks.
- reactor.netty.http.HttpDecoderSpec.maxHeaderSize(int)
  Configure the maximum header size that can be decoded for the HTTP request
- io.undertow.Undertow.Builder.setServerOption(UndertowOptions.MAX_HEADER_SIZE, T)
  The maximum size in bytes of a http request header
I think the naming of our property is consistent with the server-specific APIs onto which it's mapped and how they're documented. The maintainers of each of these servers also have far deeper HTTP expertise than we do so we prefer to defer to them on naming, aligning as closely as we can given that we have a single property name and four slightly different targets.
In the case of Reactor Netty, its setting maps down onto a Netty API:
io.netty.handler.codec.http.HttpDecoderConfig.setMaxHeaderSize(int)
Set the maximum line length of header lines. This limits how much memory Netty will use when parsing HTTP header key-value pairs. You would typically set this to the same value as setMaxInitialLineLength(int).
From the descriptions of the properties, it's clear that Netty is making the distinction that you would like to see and that Jetty and Tomcat are not. Undertow isn't clear but looking at the code in its HttpReadListener, I believe it considers the header to be everything up until the request's body.
We can take a look at adding something to the documentation to make it clear that the exact meaning of the property varies depending on the underlying web server that's in use and to encourage readers to refer to the server's documentation for specifics.
from spring-boot.
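Added example (not part of the thread, and not code from Spring Boot or any of the servers): a simplified model of the two accounting schemes the comment above distinguishes, one limit covering the request line plus headers (as the quoted Tomcat documentation describes) versus separate limits for the initial line and the header lines (as the quoted Netty documentation describes). The class name, the request and the 8192-byte value are constructed for illustration; with them, the same request is rejected under the first model and accepted under the second.

```java
import java.nio.charset.StandardCharsets;

// Simplified model, not code from Spring Boot, Tomcat, Jetty, Netty or Undertow.
public class HeaderLimitModels {

    // Index just past the CRLF that ends the request line.
    static int endOfRequestLine(String raw) {
        int i = raw.indexOf("\r\n");
        if (i < 0) throw new IllegalArgumentException("no request line terminator");
        return i + 2;
    }

    // Index just past the blank line that ends the header block.
    static int endOfHeaders(String raw) {
        int i = raw.indexOf("\r\n\r\n");
        if (i < 0) throw new IllegalArgumentException("header block not terminated");
        return i + 4;
    }

    static int byteLength(String s) {
        return s.getBytes(StandardCharsets.ISO_8859_1).length;
    }

    // Model A: one limit covers request line + headers, terminators included.
    static boolean acceptedCombined(String raw, int limit) {
        return byteLength(raw.substring(0, endOfHeaders(raw))) <= limit;
    }

    // Model B: the request line and the header lines are limited separately.
    static boolean acceptedSeparate(String raw, int initialLineLimit, int headerLimit) {
        int lineEnd = endOfRequestLine(raw);
        int requestLine = byteLength(raw.substring(0, lineEnd));
        int headers = byteLength(raw.substring(lineEnd, endOfHeaders(raw)));
        return requestLine <= initialLineLimit && headers <= headerLimit;
    }

    public static void main(String[] args) {
        int limit = 8192; // constructed sample value for the single Boot property
        // Constructed request: ~6 KB request line, ~4 KB of headers, ~10 KB in total.
        String raw = "GET /search?q=" + "a".repeat(6000) + " HTTP/1.1\r\n"
                + "Host: app.example\r\n"
                + "Cookie: session=" + "b".repeat(4000) + "\r\n\r\n";
        System.out.println("combined limit accepts: " + acceptedCombined(raw, limit));
        System.out.println("separate limits accept: " + acceptedSeparate(raw, limit, limit));
    }
}
```

When sizing this property as a denial-of-service control, the per-request memory bound under the second model is the sum of both limits, not the single configured value.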
I made no attempt to be patronizing. I was making an effort to be diplomatic and not come across as aggressively complaining about http spec violations. Sometimes if I'm direct people say I'm aggressive, then I try to be excessively diplomatic, and ... patronizing?
I'll try to work on the tone, if you have any concrete feedback on that. I've raised issues on the old tracker (before git).
We're using Undertow.
from spring-boot.
We can take a look at adding something to the documentation to make it clear that the exact meaning of the property varies depending on the underlying web server that's in use and to encourage readers to refer to the server's documentation for specifics.
I'll turn this into a documentation issue.
from spring-boot.