apply check_max_size logic to headers as well

[ghost]

Right now it's possible to "load" the socket with large headers, so I don't think there are any checks for this scenario (other than headers count < 100).

[ghost]

Example of a failing test (in elixir)

  test "fails on large headers" do
    cookie = "bar=" <> String.duplicate("a", 10_000_000) # 10 MB binary
    response = request(:get, "/headers", [{"cookie", cookie}]) # GET request with cookie header bar=aaaaa...
    assert match?({400, _, _}, response) or match?({:error, :closed}, response) # elli returns 200, consumes all headers
    assert {200, _, _} = request(:get, "/headers", [{"foo", "bar"}, {"baz", "bat"}])
  end

[ghost]

Possibly applies to the request line (get_request) as well.

GET /aaaaaaa[... and 10MB more of aaaaa] HTTP/1.1

[yurrriq]

Looks like a bug to me. Thanks for pointing it out. PRs are most welcome!

[ghost]

Thanks for pointing it out. PRs are most welcome!

Great! I'll try to make one today.