https://bz.apache.org/bugzilla/show_bug.cgi?id=63746
Bug ID: 63746 Summary: Add global post size limit Product: Tomcat 9 Version: 9.0.24 Hardware: All OS: All Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: ir...@irfanhabib.com Target Milestone: ----- Tomcat does not enforce the maximum POST size limit for requests that are not of `application/x-www-form-urlencoded`. See https://github.com/apache/tomcat/blob/2050f1a04ad6254df492049c14bd12f39ab1120e/java/org/apache/catalina/connector/Request.java#L3206 This means that POST requests that are posting JSON documents with content type `application/json` can post arbitrarily sized content to a tomcat hosted servlet. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org