Currently SDR allows setting the page "size" parameter without limiting it. An unscrupulous user making requests with a large "size" parameter could bring down the app. It would be nice to limit the "size" parameter at the global level as well as at the individual resource level.
DATACMNS-408 Guard against invalid values when resolving pagination and sorting parameters from web requests
DATACMNS-335 PageableHandlerMethodArgumentResolver should allow configuring maximum page size
By default the maximum page size is set to 2000 (through the default setting in PageableHandlerMethodArgumentResolver). To customize this, override the pageableResolver() method in RepositoryRestMvcConfiguration and configure setMaxPageSize(…) according to your needs.
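The override described in the comment above, written out as an added example (not code from the thread or from the Spring Data project). It assumes a Spring Data REST version contemporary with this issue, in which RepositoryRestMvcConfiguration has a no-argument constructor and pageableResolver() returns a HateoasPageableHandlerMethodArgumentResolver; the class name and the cap of 100 are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.rest.webmvc.config.RepositoryRestMvcConfiguration;
import org.springframework.data.web.HateoasPageableHandlerMethodArgumentResolver;

// Hypothetical configuration class; replaces the stock RepositoryRestMvcConfiguration import.
@Configuration
public class CappedPagingRestConfiguration extends RepositoryRestMvcConfiguration {

    // Assumed cap for this example. Size it to the largest page a legitimate
    // client needs, since every request can force this many rows to be loaded
    // and serialized.
    private static final int MAX_PAGE_SIZE = 100;

    @Bean
    @Override
    public HateoasPageableHandlerMethodArgumentResolver pageableResolver() {
        // Keep whatever the framework already configured on the resolver
        // (parameter names, fallback Pageable) and only tighten the upper bound.
        HateoasPageableHandlerMethodArgumentResolver resolver = super.pageableResolver();
        resolver.setMaxPageSize(MAX_PAGE_SIZE);
        return resolver;
    }
}
```

This sets the limit globally for all exported repositories; a "size" value above the cap is not rejected but served with the configured maximum, which is the fallback behaviour discussed in the replies.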
Thank you. Suggested solution works well by silently ignoring the page size setting of the request if the number is more than the max size we set on the resolver. Would it be appropriate to throw some error message rather than silently ignoring the page size?
Does it really make sense to throw an exception over gracefully falling back to something reasonable? We can of course add a flag to rather trigger the former behavior but I think people prefer the server to do "the right thing" than to force the client to resubmit the request.
Assume you write a client submitting an unreasonably large page size. You now receive an error saying: "Max allowed page size is X". What do you usually do? Re-trigger the request with exactly that size. That's why we currently fall back to the configured max page size.