Issue #1182 new

max_request_header_size not used anywhere

Anshul Goyal
created an issue

I am trying to send a HTTP request with header size greater than 512KB to ensure that I will receive HTTP-413. As per my readings, cherrypy will return 413 when the received header size is greater than the value defined in max_request_header_size or when the request body size exceeds the value defined in max_request_body_size.

After reading the code and trying the following, I see that the default header size is set to 500Kb.

import cherrypy
print cherrypy.server.max_request_header_size

result: 512000

However, I didn't see anywhere in the code where this variable (max_request_header_size) is actually used. After browsing the code, I realize that it only verifies max_request_body_size against the 'content-length' header property.

https://bitbucket.org/cherrypy/cherrypy/src/55be1e7c6dd37ffbf326fdf83ea94cf0565cbdc7/cherrypy/wsgiserver/wsgiserver2.py?at=default#cl-710

It appears to be a bug in cherrypy. Can you please confirm?

Comments (3)

  1. Log in to comment