8

I want to limit the size of accepted application/json http request bodys. So that it is not possible to send multiple megabytes of json to my application, which are then processed and make my app run for a long time.

I've read here that there is no out of the box solution to do this. Spring boot Embedded Tomcat "application/json" post request restriction to 10KB

Is there another solution beside implementing something myself. For me this seems like a very common use-case and I can't believe that there is no general solution for this, because this is a very easily exploitable security issue.

Fredster
  • 96
  • 1
  • 6
  • 4
    In my opinion the refereced question does not answer this question. There is no default limit. I tried requests with roughly 20 MB and they were accepted. I also configured the server.tomcat.max-http-post-size property from spring - and it did not work. Though I can try configuring it directly in the tomcat settings – Fredster Sep 08 '17 at 16:45

0 Answers0