Skip to content

[UNDERTOW-2611] Ensure max-request-size of a Multipart servlet can override a listener max-post-size#1797

Merged
fl4via merged 1 commit into
undertow-io:mainfrom
aogburn:04258311
Mar 19, 2026
Merged

[UNDERTOW-2611] Ensure max-request-size of a Multipart servlet can override a listener max-post-size#1797
fl4via merged 1 commit into
undertow-io:mainfrom
aogburn:04258311

Conversation

@aogburn

@aogburn aogburn commented Sep 22, 2025

Copy link
Copy Markdown
Contributor

@baranowb baranowb added bug fix Contains bug fix(es) under verification Currently being verified (running tests, reviewing) before posting a review to contributor waiting CI check Ready to be merged but waiting for CI check waiting peer review PRs that edit core classes might require an extra review labels Sep 23, 2025

@baranowb baranowb left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just leaving it as "Request changes" as there is not "comment" state.

// no content - immediately start the next request, returning an empty stream for this one
Connectors.terminateRequest(exchange);
} else {
if (exchange.getMaxEntitySize() > 0 && exchange.getMaxEntitySize() < contentLength && exchange.isResponseChannelAvailable()) {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can user set it in code without use of servlets? pure handlers? if so, ignoring it here does not seem good idea.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If so, than it might not be optimal to remove it, we would need way to handle it both here and in servlet?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This check and potential rejection was only more recently added with UNDERTOW-2556 but it's too soon to reject here without considering a possible servlet config at all. So removing this a light revert to what it historically had been. I don't think we lose anything significant by moving the check and fail to the ServletIntialHandler instead of the HttpTransferEncoding here since in the ServletIntialHandler, we'll be able to check and fail the request based on all option sources (the listener config, any handler's applied option, or the servlet config) and still fail earlier than waiting on an apps read as we had done before UNDERTOW-2556

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe, my point is that removing it from here denies this part usability for pure handler server. We need a way to leverage this in both types IMHO. If this particular version obstructs upstream, we might need a way to bypass it in case servlet is up in chain?
@fl4via ^^

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree @baranowb . I'm brainstorming a way of doing this.

@baranowb

Copy link
Copy Markdown
Contributor

@aogburn this needs rebase.

@aogburn

aogburn commented Feb 12, 2026

Copy link
Copy Markdown
Contributor Author

@aogburn this needs rebase.

done

@aogburn aogburn closed this Feb 12, 2026
@aogburn aogburn reopened this Feb 12, 2026
@fl4via fl4via changed the title Ensure max-request-size of a Multipart servlet can override a listener max-post-size [UNDERTOW-2611] Ensure max-request-size of a Multipart servlet can override a listener max-post-size Mar 3, 2026
@fl4via fl4via removed waiting CI check Ready to be merged but waiting for CI check waiting peer review PRs that edit core classes might require an extra review labels Mar 3, 2026

@fl4via fl4via left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@aogburn I think Bartosz has a point. Can we update it in a way where we could leverage the solution for both Servlet and non-Servlet users?
I am also brainstorming a way of doing it, if I come up with an idea, I'll let you know.

@fl4via

fl4via commented Mar 4, 2026

Copy link
Copy Markdown
Member

@aogburn as promised, I gave this PR some thought, and I decided to go with this change. However, I'll be creating a follow-up issue and have it assigned so that, in the future, we have a solution for this kind of issue.

@fl4via fl4via removed the under verification Currently being verified (running tests, reviewing) before posting a review to contributor label Mar 4, 2026
@fl4via fl4via added the waiting CI check Ready to be merged but waiting for CI check label Mar 4, 2026
@fl4via fl4via added failed CI Introduced new regession(s) during CI check and removed waiting CI check Ready to be merged but waiting for CI check labels Mar 4, 2026

@fl4via fl4via left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I rebased it and there are some test failures. Can you please have a look @aogburn ?

@fl4via fl4via added the waiting PR update Awaiting PR update(s) from contributor before merging label Mar 4, 2026
@aogburn

aogburn commented Mar 16, 2026

Copy link
Copy Markdown
Contributor Author

I rebased it and there are some test failures. Can you please have a look @aogburn ?

Sure @fl4via. Done, ignored the added test in the proxy profile as I described in UNDERTOW-2611.

@aogburn aogburn requested a review from fl4via March 16, 2026 21:38
@fl4via fl4via added next release This PR will be merged before next release or has already been merged (for payload double check) waiting CI check Ready to be merged but waiting for CI check and removed waiting PR update Awaiting PR update(s) from contributor before merging failed CI Introduced new regession(s) during CI check labels Mar 19, 2026
@fl4via fl4via merged commit 921fd07 into undertow-io:main Mar 19, 2026
85 of 86 checks passed
@aogburn aogburn deleted the 04258311 branch May 7, 2026 21:10
@fl4via fl4via removed the waiting CI check Ready to be merged but waiting for CI check label May 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug fix Contains bug fix(es) next release This PR will be merged before next release or has already been merged (for payload double check)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants