Commits

Robert Brewer committed bceabab

Fix for #823 (Automatic comparison of content-length and max_request_body_size).

  • Participants
  • Parent commits 00bd250

Comments (0)

Files changed (2)

File cherrypy/test/test_conn.py

         self.assertBody("")
         conn.close()
     
+    def test_Content_Length(self):
+        # Try a non-chunked request where Content-Length exceeds
+        # server.max_request_body_size. Assert error before body send.
+        self.persistent = True
+        conn = self.HTTP_CONN
+        conn.putrequest("POST", "/upload", skip_host=True)
+        conn.putheader("Host", self.HOST)
+        conn.putheader("Content-Type", "text/plain")
+        conn.putheader("Content-Length", 9999)
+        conn.endheaders()
+        response = conn.getresponse()
+        self.status, self.headers, self.body = webtest.shb(response)
+        self.assertStatus(413)
+        self.assertBody("")
+        conn.close()
+    
     def test_HTTP10(self):
         self.PROTOCOL = "HTTP/1.0"
         if self.scheme == "https":

File cherrypy/wsgiserver/__init__.py

             self.simple_response("400 Bad Request", repr(ex.args))
             return
         
+        mrbs = self.max_request_body_size
+        if mrbs and int(environ.get("CONTENT_LENGTH", 0)) > mrbs:
+            self.simple_response("413 Request Entity Too Large")
+            return
+        
         # Set AUTH_TYPE, REMOTE_USER
         creds = environ.get("HTTP_AUTHORIZATION", "").split(" ", 1)
         environ["AUTH_TYPE"] = creds[0]