Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Property server.jetty.max-http-form-post-size not affecting POST body size limit in Spring Boot 3.2.4 with Jetty Server #41155

Closed
cristianobinetti opened this issue Jun 19, 2024 · 3 comments
Closed

Property server.jetty.max-http-form-post-size not affecting POST body size limit in Spring Boot 3.2.4 with Jetty Server #41155

cristianobinetti opened this issue Jun 19, 2024 · 3 comments
Labels
status: invalid An issue that we don't feel is valid

Comments

@cristianobinetti
Copy link

In my Spring Boot 3.2.4 application with a Jetty Server, I'm trying to use the following property in my application.properties file: server.jetty.max-http-form-post-size (reference: Spring Boot Documentation). However, even though the property is correctly read by the JettyWebServerFactoryCustomizer.class, it doesn't affect the POST body size limit in any way.

The only way I'm able to use the Jetty library's SizeLimitHandler is through JettyServerCustomizer (via Java):

@Bean
public ConfigurableServletWebServerFactory webServerFactory() {
    JettyServletWebServerFactory factory = new JettyServletWebServerFactory();
    JettyServerCustomizer customizers = server -> {
        ServerConnector connector = new ServerConnector(server);
        connector.setPort(httpPort);
        server.addConnector(connector);
        server.insertHandler(new SizeLimitHandler(20000, 200000));
    };
    factory.addServerCustomizers(customizers);
    return factory;
}

But to me, this does not seem like the cleanest way to do it. I would prefer to be able to use the property, which currently seems not to be working.
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jun 19, 2024
@wilkinsona
Copy link
Member

wilkinsona commented Jun 19, 2024
edited
Loading

What sort of POST request are you sending and expected to be limited? As the property's name suggests, it only applies to POSTed form content. Spring Boot applies it to Jetty's ServletContextHandler.setMaxFormContentSize(int) and it is enforced by Jetty's ServletApiRequest.

If you're making some other kind of POST request, it is expected that the property will have no effect.

If you're successfully POSTing form content above the configured limit, it could be a Spring Boot bug as we're not correctly transferring the property. Alternatively, it could be a Jetty bug as it's not applying the limit correctly. If you would like us to spend some time investigating which of these is the case, please spend some time providing a complete yet minimal sample that reproduces the problem. You can share it with us by pushing it to a separate repository on GitHub or by zipping it up and attaching it to this issue.

@wilkinsona wilkinsona added the status: waiting-for-feedback We need additional information before we can continue label Jun 19, 2024
@cristianobinetti
Copy link
Author

Thank you for your detailed response.

I am currently sending a POST request with JSON data (Content-Type: application/json), not form content (application/x-www-form-urlencoded or multipart/form-data). I wasn't aware that the server.jetty.max-http-form-post-size property only applies to POSTed form content. This clarifies why the property doesn't seem to affect my payload size limit.

Given that this property does not apply to JSON POST requests, is there any available property to set a payload size limit for JSON data in Jetty with Spring Boot?

Thank you,
Cristiano

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Jun 20, 2024
@wilkinsona
Copy link
Member

is there any available property to set a payload size limit for JSON data in Jetty with Spring Boot?

No, there isn't. Programmatic configuration of a SizeLimitHandler (as you have shown above) is your best option.

@wilkinsona wilkinsona closed this as not planned Won't fix, can't repro, duplicate, stale Jun 20, 2024
@wilkinsona wilkinsona added status: invalid An issue that we don't feel is valid and removed status: waiting-for-triage An issue we've not yet triaged status: feedback-provided Feedback has been provided labels Jun 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: invalid An issue that we don't feel is valid
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@wilkinsona @spring-projects-issues @cristianobinetti