use more common default values for message and line size limits
kraih committed Jan 28, 2015
1 parent d53deb3 commit 7a8e71f
Showing 9 changed files with 26 additions and 23 deletions.
3 changes: 3 additions & 0 deletions Changes
@@ -1,5 +1,8 @@

5.76 2015-01-28
- Increased default max_message_size from 10MB to 16MB in Mojo::Message.
- Reduced default max_line_size from 10KB to 8KB in Mojo::Headers and
Mojo::Message.
- Improved Hypnotoad load balancing by calling srand() after starting a new
worker in Mojo::Server::Prefork.
- Fixed bug in Mojo::DOM::CSS where combinators needed to be surrounded by
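Review bot: the max_line_size entry records the drop from 10KB to 8KB but does not say that it is a tightening, so start-lines and header lines between 8KB and 10KB that parsed before this release will now hit the limit. Suggest adding that the max_line_size attribute or MOJO_MAX_LINE_SIZE restores the old value, so upgraders with large headers know what to set.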
4 changes: 2 additions & 2 deletions lib/Mojo/Headers.pm
Expand Up @@ -3,7 +3,7 @@ use Mojo::Base -base;

use Mojo::Util 'monkey_patch';

has max_line_size => sub { $ENV{MOJO_MAX_LINE_SIZE} || 10240 };
has max_line_size => sub { $ENV{MOJO_MAX_LINE_SIZE} || 8192 };
has max_lines => sub { $ENV{MOJO_MAX_LINES} || 100 };

# Common headers
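Review bot: the literal 8192 in the max_line_size default is hard-coded here and again in the max_line_size default of lib/Mojo/Message.pm, so the two classes can drift apart the next time one of them is changed. Consider a single named constant for the default that both attributes use.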
Expand Down Expand Up @@ -184,7 +184,7 @@ L<Mojo::Headers> implements the following attributes.
$headers = $headers->max_line_size(1024);
Maximum header line size in bytes, defaults to the value of the
C<MOJO_MAX_LINE_SIZE> environment variable or C<10240> (10KB).
C<MOJO_MAX_LINE_SIZE> environment variable or C<8192> (8KB).
=head2 max_lines
14 changes: 7 additions & 7 deletions lib/Mojo/Message.pm
Expand Up @@ -13,8 +13,8 @@ use Mojo::Util 'decode';

has content => sub { Mojo::Content::Single->new };
has default_charset => 'UTF-8';
has max_line_size => sub { $ENV{MOJO_MAX_LINE_SIZE} || 10240 };
has max_message_size => sub { $ENV{MOJO_MAX_MESSAGE_SIZE} // 10485760 };
has max_line_size => sub { $ENV{MOJO_MAX_LINE_SIZE} || 8192 };
has max_message_size => sub { $ENV{MOJO_MAX_MESSAGE_SIZE} // 16777216 };
has version => '1.1';

sub body {
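Review bot: the max_line_size default falls back with "||" while max_message_size on the next line uses "//", so MOJO_MAX_LINE_SIZE=0 silently becomes 8192 whereas MOJO_MAX_MESSAGE_SIZE=0 is kept and, per the POD, allows messages of indefinite size. If the difference is intentional (no way to disable the line limit from the environment), say so in the max_line_size documentation; otherwise make the two fallbacks consistent.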
Expand Down Expand Up @@ -381,15 +381,15 @@ Default charset used for form-data parsing, defaults to C<UTF-8>.
$msg = $msg->max_line_size(1024);
Maximum start-line size in bytes, defaults to the value of the
C<MOJO_MAX_LINE_SIZE> environment variable or C<10240> (10KB).
C<MOJO_MAX_LINE_SIZE> environment variable or C<8192> (8KB).
=head2 max_message_size
my $size = $msg->max_message_size;
$msg = $msg->max_message_size(1024);
Maximum message size in bytes, defaults to the value of the
C<MOJO_MAX_MESSAGE_SIZE> environment variable or C<10485760> (10MB). Setting
C<MOJO_MAX_MESSAGE_SIZE> environment variable or C<16777216> (16MB). Setting
the value to C<0> will allow messages of indefinite size. Note that increasing
this value can also drastically increase memory usage, should you for example
attempt to parse an excessively large message body with the L</"body_params">,
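Review bot: the max_message_size text keeps its warning that increasing the value can drastically increase memory usage, yet the default itself rises from 10485760 to 16777216 here with no guidance for existing deployments. Suggest a sentence telling operators who sized workers around the 10MB ceiling to pin the old value through the attribute or MOJO_MAX_MESSAGE_SIZE.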
Expand Down Expand Up @@ -424,7 +424,7 @@ C<multipart/form-data> message body, usually a L<Mojo::Parameters> object.
Note that this method caches all data, so it should not be called before the
entire message body has been received. Parts of the message body need to be
loaded into memory to parse C<POST> parameters, so you have to make sure it is
not excessively large, there's a 10MB limit by default.
not excessively large, there's a 16MB limit by default.
# Get POST parameter names and values
my $hash = $msg->body_params->to_hash;
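Review bot: "there's a 16MB limit by default" in the body_params text is one of many prose copies of this figure that the commit has to update across Message.pm, Request.pm, Controller.pm and the guides. Suggest replacing the hard-coded number with a link to L</"max_message_size"> so the default is stated in one place, and fixing the comma splice before "there's" while the sentence is being touched.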
Expand Down Expand Up @@ -483,7 +483,7 @@ to call the method L<Mojo::DOM/"find"> on it right away, which returns a
L<Mojo::Collection> object. Note that this method caches all data, so it
should not be called before the entire message body has been received. The
whole message body needs to be loaded into memory to parse it, so you have to
make sure it is not excessively large, there's a 10MB limit by default.
make sure it is not excessively large, there's a 16MB limit by default.
# Perform "find" right away
say $msg->dom('h1, h2, h3')->map('text')->join("\n");
Expand Down Expand Up @@ -599,7 +599,7 @@ JSON Pointer can be used to extract a specific value with
L<Mojo::JSON::Pointer>. Note that this method caches all data, so it should
not be called before the entire message body has been received. The whole
message body needs to be loaded into memory to parse it, so you have to make
sure it is not excessively large, there's a 10MB limit by default.
sure it is not excessively large, there's a 16MB limit by default.
# Extract JSON values
say $msg->json->{foo}{bar}[23];
4 changes: 2 additions & 2 deletions lib/Mojo/Message/Request.pm
Expand Up @@ -412,7 +412,7 @@ more than just the last one, you can use L</"every_param">. Note that this
method caches all data, so it should not be called before the entire request
body has been received. Parts of the request body need to be loaded into
memory to parse C<POST> parameters, so you have to make sure it is not
excessively large, there's a 10MB limit by default.
excessively large, there's a 16MB limit by default.
=head2 params
Expand All @@ -424,7 +424,7 @@ usually a L<Mojo::Parameters> object. Note that this method caches all data,
so it should not be called before the entire request body has been received.
Parts of the request body need to be loaded into memory to parse C<POST>
parameters, so you have to make sure it is not excessively large, there's a
10MB limit by default.
16MB limit by default.
# Get parameter names and values
my $hash = $req->params->to_hash;
4 changes: 2 additions & 2 deletions lib/Mojolicious/Controller.pm
Expand Up @@ -609,7 +609,7 @@ message body, in that order. If there are multiple values sharing the same
name, and you want to access more than just the last one, you can use
L</"every_param">. Parts of the request body need to be loaded into memory to
parse C<POST> parameters, so you have to make sure it is not excessively
large, there's a 10MB limit by default.
large, there's a 16MB limit by default.
# Get first value
my $first = $c->every_param('foo')->[0];
Expand Down Expand Up @@ -935,7 +935,7 @@ validate C<GET> and C<POST> parameters extracted from the query string and
C<application/x-www-form-urlencoded> or C<multipart/form-data> message body.
Parts of the request body need to be loaded into memory to parse C<POST>
parameters, so you have to make sure it is not excessively large, there's a
10MB limit by default.
16MB limit by default.
my $validation = $c->validation;
$validation->required('title')->size(3, 50);
2 changes: 1 addition & 1 deletion lib/Mojolicious/Guides/Cookbook.pod
Expand Up @@ -986,7 +986,7 @@ file with L<Mojo::Asset::File/"move_to">.
my $tx = $ua->get('https://www.github.com/kraih/mojo/tarball/master');
$tx->res->content->asset->move_to('mojo.tar.gz');

To protect you from excessively large files there is also a limit of 10MB by
To protect you from excessively large files there is also a limit of 16MB by
default, which you can tweak with the attribute
L<Mojo::Message/"max_message_size"> or C<MOJO_MAX_MESSAGE_SIZE> environment
variable.
6 changes: 3 additions & 3 deletions lib/Mojolicious/Guides/FAQ.pod
Expand Up @@ -136,23 +136,23 @@ In L<Mojolicious> this event loop is L<Mojo::IOLoop>.

To protect your applications from excessively large requests and responses,
our HTTP parser has a cap after which it will automatically stop accepting new
data, and in most cases force the connection to be closed. The limit is 10MB
data, and in most cases force the connection to be closed. The limit is 16MB
by default, you can use the attribute L<Mojo::Message/"max_message_size"> or
C<MOJO_MAX_MESSAGE_SIZE> environment variable to change this value.

=head2 What does the error "Maximum start-line size exceeded" mean?

This is a very similar protection mechanism to the one described in the
previous answer, but a little more specific. It limits the maximum length of
the start-line for HTTP requests and responses. The limit is 10KB by default,
the start-line for HTTP requests and responses. The limit is 8KB by default,
you can use the attribute L<Mojo::Message/"max_line_size"> or
C<MOJO_MAX_LINE_SIZE> environment variable to change this value.

=head2 What does the error "Maximum header size exceeded" mean?

Almost the same as the previous answer, but this protection mechanism limits
the number and maximum length of HTTP request and response headers. The limits
are 100 headers with 10KB each by default, you can use the attributes
are 100 headers with 8KB each by default, you can use the attributes
L<Mojo::Headers/"max_lines"> and L<Mojo::Headers/"max_line_size"> or the
C<MOJO_MAX_LINES> and C<MOJO_MAX_LINE_SIZE> environment variables to change
these values.
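Review bot: the start-line answer and the header answer both point at MOJO_MAX_LINE_SIZE, but neither says that the one variable drives both limits. Suggest stating that raising it to admit long request lines also raises the per-line limit for every one of the 100 allowed headers, and that the max_line_size attributes on Mojo::Message and Mojo::Headers can be set separately when only one of the two should change.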
2 changes: 1 addition & 1 deletion lib/Mojolicious/Guides/Tutorial.pod
Expand Up @@ -777,7 +777,7 @@ temporary file.
</body>
</html>

To protect you from excessively large files there is also a limit of 10MB by
To protect you from excessively large files there is also a limit of 16MB by
default, which you can tweak with the attribute
L<Mojo::Message/"max_message_size"> or C<MOJO_MAX_MESSAGE_SIZE> environment
variable.
10 changes: 5 additions & 5 deletions t/mojo/request.t
Expand Up @@ -32,8 +32,8 @@ is $req->cookie('a'), undef, 'no value';

# Parse HTTP 1.1 message with huge "Cookie" header exceeding line limit
$req = Mojo::Message::Request->new;
is $req->headers->max_line_size, 10240, 'right size';
is $req->headers->max_lines, 100, 'right number';
is $req->headers->max_line_size, 8192, 'right size';
is $req->headers->max_lines, 100, 'right number';
$req->parse("GET / HTTP/1.1\x0d\x0a");
$req->parse("Cookie: @{['a=b; ' x 131072]}\x0d\x0a");
$req->parse("Content-Length: 0\x0d\x0a\x0d\x0a");
Expand Down Expand Up @@ -63,7 +63,7 @@ is $req->body, '', 'no content';

# Parse HTTP 1.1 message with content exceeding line limit
$req = Mojo::Message::Request->new;
is $req->max_message_size, 10485760, 'right size';
is $req->max_message_size, 16777216, 'right size';
$req->parse("GET / HTTP/1.1\x0d\x0a");
$req->parse("Content-Length: 655360\x0d\x0a\x0d\x0a@{['a=b; ' x 131072]}");
ok $req->is_finished, 'request is finished';
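Review bot: the updated assertion only checks that max_message_size reports 16777216; the body sent in this case is 655360 bytes (Content-Length: 655360), far below both the old and the new ceiling, so the visible lines never exercise the new limit. Suggest a case that lowers max_message_size on the request and sends a body just over it, asserting is_limit_exceeded. The comment "content exceeding line limit" also does not match what the case sets up and could be reworded.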
Expand All @@ -85,7 +85,7 @@ $req = Mojo::Message::Request->new;
$req->parse("GET / HTTP/1.1\x0d\x0a");
$req->parse("Content-Length: 0\x0d\x0a");
ok !$req->is_limit_exceeded, 'limit is not exceeded';
$req->parse("Foo: @{['a' x 10240]}");
$req->parse("Foo: @{['a' x 8192]}");
ok $req->is_finished, 'request is finished';
is $req->error->{message}, 'Maximum header size exceeded', 'right error';
ok $req->is_limit_exceeded, 'limit is exceeded';
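Review bot: the header case at "Foo: @{['a' x 8192]}" only proves that a line a few bytes over the limit is rejected; nothing in this hunk shows that a line just under 8192 bytes is still accepted, so an off-by-one in the comparison would go unnoticed. Suggest adding the complementary case with a header line slightly shorter than max_line_size and asserting that is_limit_exceeded stays false.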
Expand All @@ -97,7 +97,7 @@ is $req->body, '', 'no content';

# Parse broken HTTP 1.1 message with start-line exceeding line limit
$req = Mojo::Message::Request->new;
is $req->max_line_size, 10240, 'right size';
is $req->max_line_size, 8192, 'right size';
is $req->headers->max_lines, 100, 'right number';
$req->parse("GET /@{['abcd' x 131072]} HTTP/1.1");
ok $req->is_finished, 'request is finished';
