Hey guys, what's the most elegant and safe way to enforce content-length/upload size for multipart request? I'm happy with checking this after the client has sent it's data, but I don't want to rely on the

Content-Length

header, what can I do to check the size of the multiparts?

why don't you like

Content-Length

? Unfortunately there is no any other way to know part size before downloading due to nature of multipart content encoding so the header is the only way. If it is not set or unknown then the only way is to download it until it will be downloaded, size limit exceeds or timeout

Hi Sergey, thanks that was what I assuming tbh. I'm trying to enforce upload limits for an endpoint that accepts multipart bodies, currently I'm doing this on the client side (javascript) as well as on the server using the

Content-Length

header. Just don't want to trust this header as it could've been potentially tempered with by the client. I'm piping the InputStreams to S3.

well, you can copy part body and cancel it once actual size becomes bigger than specified in

Content-Length

Yeah that's true, I'm not limit the multipart on either number of files so I might need to have a little state preserved there when having

n

number of files. I'm just thinking if this might also be doable using an

ApplicationFeature

to intercept inside the pipeline rather than an actual route.

Also note that user could run a lot of file uploads concurrently (exact limit bytes size each)

yeah exactly, this adds up to the problem, I guess there won't be the ultimate silver bullet. But thx for helping out, I think I know enough to get it sorted well enough