Skip to content

Commit

Permalink
Not increasing MaxRequestBodySize beyond its preconfigured size
Browse files Browse the repository at this point in the history
  • Loading branch information
Piedone committed Feb 5, 2024
1 parent 9f97140 commit 1327a66
Showing 1 changed file with 7 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,13 @@ public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
context.HttpContext.Features.Set<IFormFeature>(new FormFeature(context.HttpContext.Request, formOptions));

var maxRequestBodySizeFeature = context.HttpContext.Features.Get<IHttpMaxRequestBodySizeFeature>();
if (maxRequestBodySizeFeature is { IsReadOnly: false })
// Only setting MaxRequestBodySize if it wouldn't go over the preconfigured size. This is necessary because
// larger requests would pose a security issue (since the original limit was configured for a reason), and under
// IIS it wouldn't work with the following message anyway: "Increasing the MaxRequestBodySize conflicts with the
// max value for IIS limit maxAllowedContentLength. HTTP requests that have a content length greater than
// maxAllowedContentLength will still be rejected by IIS. You can disable the limit by either removing or
// setting the maxAllowedContentLength value to a higher limit."
if (maxRequestBodySizeFeature is { IsReadOnly: false } && maxRequestBodySizeFeature.MaxRequestBodySize > maxFileSize)
{
maxRequestBodySizeFeature.MaxRequestBodySize = maxFileSize;
}
Expand Down

0 comments on commit 1327a66

Please sign in to comment.