alopresto commented on a change in pull request #4125: NIFI-7153 Adds 
ContentLengthFilter and DoSFilter
URL: https://github.com/apache/nifi/pull/4125#discussion_r390701556
 
 

 ##########
 File path: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
 ##########
 @@ -590,11 +591,15 @@ private WebAppContext loadWar(final File warFile, final 
String contextPath, fina
 
         // add HTTP security headers to all responses
         final String ALL_PATHS = "/*";
-        ArrayList<Class<? extends Filter>> filters = new 
ArrayList<>(Arrays.asList(XFrameOptionsFilter.class, 
ContentSecurityPolicyFilter.class, XSSProtectionFilter.class));
+        ArrayList<Class<? extends Filter>> filters = new 
ArrayList<>(Arrays.asList(
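
Review bot: The comment `// add HTTP security headers to all responses` directly above the `filters` list will no longer describe the list if the ContentLengthFilter and DoSFilter named in the PR title are registered through it, since those limit requests rather than add response headers. Reword the comment, or register the new filters in their own commented block. The declaration could also use `List<Class<? extends Filter>>` instead of the concrete `ArrayList` type while this line is being touched.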
 
 Review comment:
   I notice the max form content size is set to 600KB on line 590 above. If 
this is set, doesn't the `10 MB` / `100 MB` limit not apply because Jetty 
overrides it anyway? 
   
   https://www.eclipse.org/jetty/documentation/current/setting-form-size.html
   
   >Jetty limits the amount of data that can post back from a browser or other 
client to the server. This helps protect the server against denial of service 
attacks by malicious clients sending huge amounts of data. The default maximum 
size Jetty permits is 200000 bytes. You can change this default for a 
particular webapp, for all webapps on a particular Server instance, or all 
webapps within the same JVM.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services
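
The review comment above asks how a filter-level size limit interacts with Jetty's form-content limit. The following is an added example, not code from the pull request or from NiFi: a hypothetical `MaxBodySizeFilter` that rejects on the declared `Content-Length`, plus a helper showing which limit is effective for a given content type. It assumes the `javax.servlet` 3.1 API on the classpath and that Jetty enforces its form limit only when it parses form-encoded bodies; the class name, the `maxBodyBytes` init-param and `effectiveLimit` are invented for illustration.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter for illustration; not the ContentLengthFilter from the pull request.
public class MaxBodySizeFilter implements Filter {
    static final String MAX_BYTES_PARAM = "maxBodyBytes"; // hypothetical init-param name
    private long maxBytes;

    @Override
    public void init(FilterConfig config) throws ServletException {
        String value = config.getInitParameter(MAX_BYTES_PARAM);
        if (value == null) {
            throw new ServletException(MAX_BYTES_PARAM + " init-param is required");
        }
        maxBytes = Long.parseLong(value);
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // -1 means no Content-Length header (for example a chunked body); this check
        // cannot bound such a request, so a streaming limit is still needed for those.
        long declared = ((HttpServletRequest) req).getContentLengthLong();
        if (declared > maxBytes) {
            ((HttpServletResponse) res).sendError(
                    HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE,
                    "Request body exceeds " + maxBytes + " bytes");
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }

    // Assumption: the container enforces its form limit only when it parses an
    // application/x-www-form-urlencoded body; other bodies see the filter limit alone.
    static long effectiveLimit(String contentType, long filterLimit, long formLimit) {
        boolean form = contentType != null
                && contentType.toLowerCase().startsWith("application/x-www-form-urlencoded");
        return form ? Math.min(filterLimit, formLimit) : filterLimit;
    }
}
```

Under that assumption, a 600 KB form limit combined with a 10 MB filter limit caps form posts at 600 KB while JSON or binary uploads are bounded only by the filter.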
