New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Limit Collection page sizes somehow? #246
Comments
Something similar applies for object recursion - a full object is obviously much bigger than a URL to an object so if the server is too aggressive about recursing through objects, the response size can balloon. We've kind of already raised this in #229 - not sure if we should change that, do something else, etc. |
The size of HTML documents also is not limited by the specification. Should it be? I do not think that this would help. |
Yeah, as I said I feel the same. I think we should just put something in security considerations. At the end of the day if you connect to a server that does bad stuff like this there isn't much we can do in the spec itself about that. |
Yeah I think it should go in security considerations. I'd be good with that. |
@cwebber want me to do a PR for this one? |
Sure! That would be great. |
Forgot about this! But filed #252 :) |
On IRC, saranix points out that "4GB inboxes are possible, completely unpaged is allowed, and any page size is allowed, the server can do whatever and the client is just supposed to be able to handle it... I think that's way too open-ended"
It seems like no sane server would ever do this, but maybe we should put something in the spec about it anyway, just in case?
The text was updated successfully, but these errors were encountered: