| |
@@ -225,6 +225,19 @@
|
| |
try:
|
| |
self.debug('Response: %s' % response)
|
| |
webresponse = self.cfg.server.encodeResponse(response)
|
| |
+ resplen = len(json.dumps(webresponse.headers))
|
| |
+ if resplen > (4 * 1024):
|
| |
+ # This is a mostly arbitrary limit, but we should be able to at
|
| |
+ # the very least encode 4k into the response header. If it
|
| |
+ # gets too much though, Apache will think we have started
|
| |
+ # sending the actual page while we're still sending headers.
|
| |
+ self.error('WARNING: Response size exceeded 4KB. Apache will '
|
| |
+ 'most likely abort the request.')
|
| |
+ if resplen > (8 * 1024):
|
| |
+ # Over 8kb, we don't even wait for Apache to cancel us
|
| |
+ # anymore, as the chance we'll be able to send this with
|
| |
+ # success is pretty close to 0. Just show the user an error
|
| |
+ raise InvalidRequest('Response size exceeded limits')
|
| |
cherrypy.response.headers.update(webresponse.headers)
|
| |
cherrypy.response.status = webresponse.code
|
| |
return webresponse.body
|
| |
puiterwijk
commented 7 years ago
They will not be able to be returned through Apache, and if we don't
error this way, Apache will log obscure things.
This will happen if a user for example has 3 16KB SSH keys (live
example seen), and they are all requested.
OpenID 2.0 wants to encode the entire response in an HTTP Location
header, but when Apache sees this in the headers, it thinks we
made a mistake, and aborts the response.
Ticket: #238
Signed-off-by: Patrick Uiterwijk puiterwijk@redhat.com