shreemaan-abhishek opened a new pull request, #13601:
URL: https://github.com/apache/apisix/pull/13601

   ### Description
   
   Route matching supports `post_arg.*` predicates. For `application/json` and 
`multipart/form-data` requests, resolving these predicates in 
`apisix/core/ctx.lua` calls `request.get_request_body_table()` with no size 
limit, so the full request body (including temp-file-backed bodies) is parsed 
into worker memory during the access-phase matching.
   
   This PR adds a configurable bound:
   
   - New config `apisix.max_post_args_readable_size` (in MB, default `64`, `0` 
disables the limit).
   - `post_arg.*` matching now passes this cap to the body reader. Bodies 
larger than the cap are not read; the predicate resolves to `nil` and the route 
simply does not match.
   - The cap covers the JSON and multipart paths (`x-www-form-urlencoded` 
already goes through nginx's bounded `get_post_args`).
   
   Added schema validation, updated `config.yaml.example`, the router-radixtree 
docs, and tests in `t/core/ctx3.t` (oversized body is not read and the route 
does not match; within-cap body still matches).
   
   #### Which issue(s) this PR fixes:
   Fixes #
   
   ### Checklist
   
   - [x] I have explained the need for this PR and the problem it solves
   - [x] I have explained the changes or the new features added to this PR
   - [x] I have added tests corresponding to this change
   - [x] I have updated the documentation to reflect this change
   - [x] I have verified that this change is backward compatible (If not, 
please discuss on the [APISIX mailing 
list](https://github.com/apache/apisix/tree/master#community) first)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to