Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Added MAX_CONTENT_LENGTH config key

  • Loading branch information...
commit b1790cca55956c0cda132ac2fa6a2fb53fd2d009 1 parent f8f8463
@mitsuhiko authored
View
2  CHANGES
@@ -21,6 +21,8 @@ Release date to be announced, codename to be decided.
as `config`.
- context processors will no longer override values passed directly
to the render function.
+- added the ability to limit the incoming request data with the
+ new ``MAX_CONTENT_LENGTH`` configuration value.
Version 0.5.1
-------------
View
6 docs/config.rst
@@ -62,6 +62,10 @@ The following configuration values are used internally by Flask:
``LOGGER_NAME`` the name of the logger
``SERVER_NAME`` the name of the server. Required for
subdomain support (eg: ``'localhost'``)
+``MAX_CONTENT_LENGTH`` If set to a value in bytes, Flask will
+ reject incoming requests with a
+ content length greater than this by
+ returning a 413 status code.
=============================== =========================================
.. admonition:: More on ``SERVER_NAME``
@@ -89,6 +93,8 @@ The following configuration values are used internally by Flask:
.. versionadded:: 0.5
``SERVER_NAME``
+.. versionadded:: ``MAX_CONTENT_LENGTH``
+
Configuring from Files
----------------------
View
3  flask/app.py
@@ -193,7 +193,8 @@ class Flask(_PackageBoundObject):
'PERMANENT_SESSION_LIFETIME': timedelta(days=31),
'USE_X_SENDFILE': False,
'LOGGER_NAME': None,
- 'SERVER_NAME': None
+ 'SERVER_NAME': None,
+ 'MAX_CONTENT_LENGTH': None
})
def __init__(self, import_name, static_path=None):
View
8 flask/wrappers.py
@@ -13,6 +13,7 @@
cached_property
from .helpers import json, _assert_have_json
+from .globals import _request_ctx_stack
class Request(RequestBase):
@@ -42,6 +43,13 @@ class Request(RequestBase):
routing_exception = None
@property
+ def max_content_length(self):
+ """Read-only view of the `MAX_CONTENT_LENGTH` config key."""
+ ctx = _request_ctx_stack.top
+ if ctx is not None:
+ return ctx.app.config['MAX_CONTENT_LENGTH']
+
+ @property
def endpoint(self):
"""The endpoint that matched the request. This in combination with
:attr:`view_args` can be used to reconstruct the same or a
Please sign in to comment.
Something went wrong with that request. Please try again.