Skip to content

Commit

Permalink
Update webhook handler example to use http.MaxBytesReader
Browse files Browse the repository at this point in the history
Updates the webhook handler example to use `http.MaxBytesReader` to
protect against a malicious client streaming an endless request body.

We're making a similar change in our server side documentation examples,
so I'm updating this spot as well for consistency.
  • Loading branch information
brandur committed Aug 12, 2019
1 parent 07ba346 commit 67eacb8
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions webhook/client_handler_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,10 @@ import (

func Example() {
http.HandleFunc("/webhook", func(w http.ResponseWriter, req *http.Request) {
// Protects against a malicious client streaming us an endless requst
// body
const MaxBodyBytes = int64(65536)
req.Body = http.MaxBytesReader(w, req.Body, MaxBodyBytes)

body, err := ioutil.ReadAll(req.Body)
if err != nil {
Expand Down

0 comments on commit 67eacb8

Please sign in to comment.