New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to upload files larger than 1mb after Plone 6.0.7 upgrade #3848
Comments
I see this too, with Plone 6.0.7 on a ClassicUI site with plone.restapi installed.
Actually, even without plone.restapi installed (only available in the eggs), I see the same traceback. This is strange, because the Adding |
Yes, that works. I have released the fix from @mamico in Add something like this in your instance/zeoclient recipe config:
(I think I will go for 10MB for most of my customers.) Thanks! |
but this works only with buildout. What about cookiecutter? |
@mauritsvanrees don't you think we should put a default for Plone equal or larger than 10MB? PDFs and images are normally larger, I think many people might run into this problem after updating, don't you? |
Well, do use I love it 😉 |
@yurj the config is written into the zope.conf file, which you also have in a buildoutless setup like teh cookiecutter templates. |
I mean the automated installation via cookiecutter should add this conf additional snippet too . If you upgrade the docker image, you cannot add this config (easly) and maybe downgrade your database is not an option. https://6.docs.plone.org/install/manage-add-ons-packages.html "For the backend, it uses cookiecutter-zope-instance to generate configuration files for a Zope WSGI instance." |
Yes. I really don't have time for community work this week. The last few weeks have been too crazy for that. I will add the current solution to a few customers, as I saw Sentry errors coming in. |
Will I always have to update this setting if I want higher limits? |
Currently, yes. It seems to work fine without this though as long as you do not have We could turn this into an option in And the cookiecutter starter template could include the lines. |
To be honest, I'm surprised that a memory limit is needed for file uploads. It used to be the case that file uploads were streamed directly into a temporary file on disk, so even a large file would not use a lot of memory. But, perhaps that was true with ZServer and not waitress (I haven't checked). And, there could still be a DoS issue from filling up the disk with file uploads, so a limit probably still makes sense, whether or not the name mentions memory. |
There is a memory limit and a separate, much larger, disk limit. See these lines in the Zope PR that introduced this. |
Also note that in ClassicUI without plone.restapi in the eggs, I do not see the problem: I can upload a large image without problems. So restapi reads the request in a different way than what happens in ClassicUI, and it hits this part of the Zope code. |
Oh, that makes sense that there is a difference -- in the classic UI file uploads are encoded as multipart/form-data, but in the REST API they are base64-encoded inside the JSON request body. |
Anybody taking care of the cookiecutter fix? I guess that it's more than a fix, since this is both a new and breaking option that we have to take care there. In the meanwhile, we will revert to use 6.0.6. |
Looking at the code, there's no direct way to disable this feature. Reading the code, setting them to -1 should be the same as disable the feature. So Plone could ship with -1, and let people (docker, buildout, cookiecutter) decide if enable/set it. |
It makes lots of sense to me to allow an upload limit but not set it by default. You might want to set this on project level when an instance is used in production. However, I wouldn't want such a limit on a local dev instance or internal instances. |
I can do this for I created an issue plone/cookiecutter-zope-instance#11 |
@tisto I disagree, it's a safety protection, and the settings should be safe by default. But I would set the default much higher.
Then you won't discover that large files are blocked until the system is in production. |
@davisagli that makes sense. Does Zope now use memory to transfer the file to disk? Or is it just validation? Why does this validation only occur when plone.restapi is in the eggs?
Would this disk limit be just for the way Classic Plone without restopi does it? |
It would still probably be nice to set the limit higher in Plone by default. |
@mauritsvanrees wouldn't it be worth checking with the Zope people to increase this limit there? Is Zope file upload not affected by this issue? 1mb is not enough for any type of application. |
I also don't know what this limit is protecting. As noted by @mauritsvanrees, if plone.restapi is not in the eggs, the upload works. I'm not sure this limit would block uploading via plone.restapi. The error occurs when trying to read the authentication credentials from the request body. We haven't gotten to the part about saving the file. |
Keep in mind that the file is serialized as part of the request body which is being read by the plugin. But, it doesn't make any sense to me that the plugin is trying to read the body as JSON even if it hasn't been sent with a If we add a check in plone.restapi for the request mimetype, that should avoid breaking uploads in the classic UI. The limit would still be a problem for non-TUS uploads through the REST API, which are serialized as base64 in the JSON body. |
@davisagli I did a test by commenting on the line that gives the problem in plugin. We will actually get an error when trying to add a file through Volto:
|
When I upload a larger Image in the ZMI, no exception is raised. So either the multipart parser is not used here, or in this case the higher The limits are passed onto this class. It has the same mem and disk limits as Zope now has. Its "memfile" limit is larger, but that does not seem to come into play here (262kB vs 4 kB). @davisagli wrote:
That may be a good way. |
the form limit parameters are configurable in wsgischema.xml |
The limit description says:
@davisagli do you see another way for |
@wesleybl Ideally I think file uploads should happen via the TUS API (https://6.docs.plone.org/plone.restapi/docs/source/endpoints/tusupload.html#creating-an-upload-url) so they're sent in a separate request that doesn't have to be base64-encoded as part of a JSON body. But it'll take some work to get to the point where we can use this as the default in volto. For one thing, restapi's TUS implementation currently puts temporary files on disk, and it needs to store them as blobs in the ZODB so that it works across load balanced instances that don't share the same disk. |
plone/cookiecutter-zope-instance@72c54da "Add |
Please consider "zopefoundation/Zope#1180 (comment)": |
The result was never used, and it may fail when the request is too large to read. This is a problem since at least Zope 5.8.4, introduced in Plone 6.0.7. See plone/Products.CMFPlone#3848 and zopefoundation/Zope#1180. This PR is an alternative to #1726. See discussion there.
This is a very bad regression since these JSON things needs to be loaded in RAM rather than going straight to a tmp file which then gets moved into a blob. We're supposed to be supporting video uploads these days. |
Rudd-O wrote at 2023-11-1 16:38 -0700:
> in the classic UI file uploads are encoded as multipart/form-data, but in the REST API they are base64-encoded inside the JSON request body.
This is a very bad regression since these JSON things needs to be loaded in RAM rather than going straight to a tmp file which then gets moved into a blob.
We're supposed to be supporting video uploads these days.
I do not say that `Plone` should not support video uploads.
I say, `Plone` should do it differently.
Why must these "JSON things" be loaded into RAM?
If files are passed via "multipart/form-data" requests,
they arrive as file like objects at `Plone`, avoiding huge RAM
requirements.
`plone.restapi` could incorporate the file attachments into the
the main object (but should of course not read the content), thus
providing a good degree of backward compatibility.
The application would only need to be aware that file content
can arrive as a file like object.
The current solution effectlively prevents sites with little RAM
to reliably support large uploads -- even if you
configure `form-memory-limit` to effectively have no effect.
Its current RAM requirement is at least twice the upload size
(once for the file content as part of the JSON body, once
as part of the deserialized object).
|
I'd like to rise this as an issue today in the next Plone's Steering Circle. Specially the part where this breaking change was not properly communicated to the Plone Release Team so we could issue the proper procedures to avoid the chaos that followed. I would also raise the issue that it was introduced in zopefoundation/Zope#1094 with no notice in the Zope's changelog whatsoever, and released in a patch version. |
This fixes a regression due to a low Zope form memory limit of 1MB used since Plone 6.0.7. You can use ``dos_protection`` settings in ``etc/zope.conf`` to change the limit. See plone/Products.CMFPlone#3848 and zopefoundation/Zope#1142.
This fixes a regression due to a low Zope form memory limit of 1MB used since Plone 6.0.7. You can use ``dos_protection`` settings in ``etc/zope.conf`` to change the limit. See plone/Products.CMFPlone#3848 and zopefoundation/Zope#1142.
This fixes a regression due to a low Zope form memory limit of 1MB used since Plone 6.0.7. You can use ``dos_protection`` settings in ``etc/zope.conf`` to change the limit. See plone/Products.CMFPlone#3848 and zopefoundation/Zope#1142.
A bit of history:
So what has been done so far to combat this, and what still needs to be done?
What is not good, is that after Plone 6.0.7 until this week no one stepped up to tackle this, except for the workarounds that need everyone to edit |
This fixes a regression due to a low Zope form memory limit of 1MB used since Plone 6.0.7. See `CMFPlone issue 3848 <https://github.com/plone/Products.CMFPlone/issues/3848>`_ and `Zope PR 1142 <https://github.com/zopefoundation/Zope/pull/1142>`_.
This fixes a regression due to a low Zope form memory limit of 1MB used since Plone 6.0.7. See `CMFPlone issue 3848 <https://github.com/plone/Products.CMFPlone/issues/3848>`_ and `Zope PR 1142 <https://github.com/zopefoundation/Zope/pull/1142>`_.
…1729) * Allow uploads up to 16 MB. This fixes a regression due to a low Zope form memory limit of 1MB used since Plone 6.0.7. You can use ``dos_protection`` settings in ``etc/zope.conf`` to change the limit. See plone/Products.CMFPlone#3848 and zopefoundation/Zope#1142. * Changed patch: temporarily disable form memory limit checking for files and images. This seems a better way, then increasing the limit to 16MB. See zopefoundation/Zope#1180 (comment)
Branch: refs/heads/main Date: 2023-11-04T07:13:09+01:00 Author: Maurits van Rees (mauritsvanrees) <maurits@vanrees.org> Commit: plone/plone.restapi@9f399ac Temporarily disable form memory limit checking for files and images. (#1729) * Allow uploads up to 16 MB. This fixes a regression due to a low Zope form memory limit of 1MB used since Plone 6.0.7. You can use ``dos_protection`` settings in ``etc/zope.conf`` to change the limit. See plone/Products.CMFPlone#3848 and zopefoundation/Zope#1142. * Changed patch: temporarily disable form memory limit checking for files and images. This seems a better way, then increasing the limit to 16MB. See zopefoundation/Zope#1180 (comment) Files changed: A news/3848.bugfix A src/plone/restapi/patches.py M src/plone/restapi/__init__.py M src/plone/restapi/deserializer/__init__.py
Branch: refs/heads/main Date: 2023-11-04T07:13:09+01:00 Author: Maurits van Rees (mauritsvanrees) <maurits@vanrees.org> Commit: plone/plone.restapi@9f399ac Temporarily disable form memory limit checking for files and images. (#1729) * Allow uploads up to 16 MB. This fixes a regression due to a low Zope form memory limit of 1MB used since Plone 6.0.7. You can use ``dos_protection`` settings in ``etc/zope.conf`` to change the limit. See plone/Products.CMFPlone#3848 and zopefoundation/Zope#1142. * Changed patch: temporarily disable form memory limit checking for files and images. This seems a better way, then increasing the limit to 16MB. See zopefoundation/Zope#1180 (comment) Files changed: A news/3848.bugfix A src/plone/restapi/patches.py M src/plone/restapi/__init__.py M src/plone/restapi/deserializer/__init__.py
* plone606 * collective.exportimport=1.7 * pin * plone.dexterity 3.0.3 * plone 6.0.7 * changelog * workaround plone/Products.CMFPlone#3848 * upgrade collective.sentry * 6.0.8 * update click * set-output deprecated * typo * env * Update mx.ini * typo * Update build_development.yml * cleanup * Update build.yml * Update build.yml * maxupload default a 120MB, patternslib * plone.formwidget.contenttree = 1.2.0
BUG/PROBLEM REPORT (OR OTHER COMMON ISSUE)
This is probably related to Zope 5.8.4 issue #1141 and pull request #1142.
What I did:
Update buildout to use new versions of Plone/Zope (Plone 6.0.7)
Tested also with latest buildout.coredev
What I expect to happen:
Upload a file larger than 1mb in a File content-type
What actually happened:
Upload is blocked because Zope has now a (1mb limit)
From the commits and documentation i see that it should be configurable, but i can't do it.
Anyone has a working example?
1mb is probably very low for regular pdf files that users usually upload on a website.
What version of Plone/ Addons I am using:
Zope 5.8.5
Plone 6.0.7
The text was updated successfully, but these errors were encountered: