https://kotlinlang.org logo
Title
l

Lauritz Hilsøe

11/26/2019, 9:59 AM
Hi, I have the same problem as this issue https://github.com/ktorio/ktor/issues/1058 - I have an endpoint for receiving form data but I can easily receive data above 65kb, how can I increase this limit? Only solution I've found involves using internal APIs
c

cy

11/26/2019, 10:01 AM
Why do you send so much data through a text field? Shouldn't a file be uploaded instead?
l

Lauritz Hilsøe

11/26/2019, 10:01 AM
We are using a service that's pushing their data, I can't control it unfortunately
c

cy

11/26/2019, 10:06 AM
Well, for now, the only you can do is to use
CIOMultipartDataBase
that is marked as internal API so it is not guaranteed to be stable . However, I see no reason for any change in this place in the near future
The only copy-paste will be
multiPartData()
that is not that big
l

Lauritz Hilsøe

11/26/2019, 10:07 AM
I ended up with this, taking inspiration from https://git.io/Je6Ys
val xmlFormData = CIOMultipartDataBase(
  coroutineContext + Dispatchers.Unconfined,
  call.receiveChannel(),
  contentType,
  null,
  99999999
)
c

cy

11/26/2019, 10:08 AM
Specifying so big limit may cause OOM
the other question is why content length is always
null
?
l

Lauritz Hilsøe

11/26/2019, 10:10 AM
Does it allocate that much memory? I can try and figure out a more sane limit based on file sizes
Not sure, I didn't actually notice the line
val contentLength = call.request.header(HttpHeaders.ContentLength)?.toLong()
but I can update to use that
c

cy

11/26/2019, 10:10 AM
I recommend you to specify content length if available
Of course it doesn't allocate all this size, only if a request has such big field
this limit is just a guard to avoid OOM and potential DoS caused by big requests
So specifying too big limit makes you vulnerable
l

Lauritz Hilsøe

11/26/2019, 10:12 AM
Makes sense, I think one of the biggest is around 100kb so I'll limit it to that + a little more and be sure to specify content length if available
Is there any plans to make this configurable somehow or open the API instead of using internal?
c

cy

11/26/2019, 10:30 AM
Need to think of how do we provide it
l

Lauritz Hilsøe

11/27/2019, 9:21 AM
Would be a nice option, but thanks for your help, appreciate it