harshavardhana changed the title to "Limit the amount of readable data from response body, honor content-length in response headers." on Jan 8, 2016
Looks like Content-Length is not set for all the S3 call replies; there is no easy and effective way to verify whether the server is sending malicious data right now, since S3 itself doesn't set Content-Length.
I think the reason they don't set Content-Length is that the server is sending data with Transfer-Encoding set to 'chunked'. Because of this they do not have to, since they guarantee that the server is sending in chunks, not as one large blob for the client to consume. So I think we can defer the handling of response bodies for now, since for chunked transfer-encoding Content-Length will not be set and we cannot effectively limit and verify this.
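An added example, not code from this project, of the check named in the issue title: a Go helper that caps how much of a response body is buffered and, when the reply declares a Content-Length, verifies the body against it. The names `readBounded`, `fakeResponse`, the two error values and the 16-byte cap are assumptions made for the illustration, and the responses are constructed in memory.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// Sentinel errors for the two failure modes (hypothetical names).
var (
	ErrBodyTooLarge   = errors.New("response body exceeds limit")
	ErrLengthMismatch = errors.New("response body does not match Content-Length")
)

// readBounded (hypothetical helper) never buffers more than max+1 bytes.
func readBounded(resp *http.Response, max int64) ([]byte, error) {
	defer resp.Body.Close()
	// A declared length above the cap is rejected before any read.
	if resp.ContentLength > max {
		return nil, ErrBodyTooLarge
	}
	// Read one byte past the cap so an overrun is detectable.
	data, err := io.ReadAll(io.LimitReader(resp.Body, max+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > max {
		return nil, ErrBodyTooLarge
	}
	// ContentLength is -1 for chunked replies; verify only when declared.
	if resp.ContentLength >= 0 && int64(len(data)) != resp.ContentLength {
		return nil, ErrLengthMismatch
	}
	return data, nil
}

// fakeResponse builds a constructed in-memory response (no network).
func fakeResponse(body string, contentLength int64) *http.Response {
	return &http.Response{
		Body:          io.NopCloser(strings.NewReader(body)),
		ContentLength: contentLength,
	}
}

func main() {
	_, err := readBounded(fakeResponse(strings.Repeat("A", 64), -1), 16)
	fmt.Println("chunked, oversized:", err)
}
```

With a chunked reply the length cannot be checked against a header, so the cap is the only bound applied; the length comparison runs only when Content-Length is present.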