Limiting page size [DATAREST-195] #523
Comments
|
Oliver Drotbohm commented By default the maximum page size is set to 2000 (through the default setting in |
|
Sri commented Thank you. Suggested solution works well by silently ignoring the page size setting of the request if the number is more than the max size we set on the resolver. Would it be appropriate to throw some error message rather than silently ignoring the page size? |
|
Oliver Drotbohm commented Does it really make sense to throw an exception over gracefully falling back to something reasonable? We can of course add a flag to rather trigger the former behavior but I think people prefer the server to do "the right thing" than to force the client to resubmit the request. Assume you write a client submitting an unreasonable large page size. You now receive an error, saying: "May allowed page size is X". What do you usually do? Re-trigger the request with exactly that size. That's why we currently fall back to the configured max page size |
|
Sri commented For my use-case your solution works. I leave rest to community |
|
Oliver Drotbohm commented Will be fixed transitively by the fixes in the linked tickets |
Sri opened DATAREST-195 and commented
Currently SDR allows to set the page "size" parameter without limiting it. From an unscrupulous user making requests with large "size" parameter could bring down the app. It would be nice to limit "size" parameter at global level as well as individual resource level
Issue Links:
DATACMNS-408 Guard against invalid values when resolving pagination and sorting parameters from web requests
DATACMNS-335 PageableHandlerMethodArgumentResolver should allow configuring maximum page size
The text was updated successfully, but these errors were encountered: