• Brad Fitzpatrick's avatar
    http: add MaxBytesReader to limit request body size · f0ef4f47
    Brad Fitzpatrick authored
    This adds http.MaxBytesReader, similar to io.LimitReader,
    but specific to http, and for preventing a class of DoS
    attacks.
    
    This also makes the 10MB ParseForm limit optional (if
    not already set by a MaxBytesReader), documents it,
    and also adds "PUT" as a valid verb for parsing forms
    in the request body.
    
    Improves issue 2093 (DoS protection)
    Fixes #2165 (PUT form parsing)
    
    R=golang-dev, adg
    CC=golang-dev
    https://golang.org/cl/4921049
    f0ef4f47
serve_test.go 26.5 KB