f0ef4f474620ed95a7572c579689f262e79a724f - go

commit	f0ef4f474620ed95a7572c579689f262e79a724f	[log] [tgz]
author	Brad Fitzpatrick <bradfitz@golang.org>	Tue Aug 23 12:17:21 2011 +0400
committer	Brad Fitzpatrick <bradfitz@golang.org>	Tue Aug 23 12:17:21 2011 +0400
tree	80d2caa7f7067ff1434a8cee500772181ef5fb99
parent	6731d47f99d993522aa41990b46498d20ba646f1 [diff]

http: add MaxBytesReader to limit request body size

This adds http.MaxBytesReader, similar to io.LimitReader,
but specific to http, and for preventing a class of DoS
attacks.

This also makes the 10MB ParseForm limit optional (if
not already set by a MaxBytesReader), documents it,
and also adds "PUT" as a valid verb for parsing forms
in the request body.

Improves issue 2093 (DoS protection)
Fixes #2165 (PUT form parsing)

R=golang-dev, adg
CC=golang-dev
https://golang.org/cl/4921049

src/pkg/http/request.go[diff]
src/pkg/http/serve_test.go[diff]
src/pkg/http/server.go[diff]
src/pkg/http/transfer.go[diff]

4 files changed

tree: 80d2caa7f7067ff1434a8cee500772181ef5fb99

doc/
include/
lib/
misc/
src/
test/
.hgignore
.hgtags
AUTHORS
CONTRIBUTORS
favicon.ico
LICENSE
PATENTS
README
robots.txt