http: add MaxBytesReader to limit request body size
This adds http.MaxBytesReader, similar to io.LimitReader, but specific to http, and for preventing a class of DoS attacks. This also makes the 10MB ParseForm limit optional (if not already set by a MaxBytesReader), documents it, and also adds "PUT" as a valid verb for parsing forms in the request body. Improves issue 2093 (DoS protection) Fixes #2165 (PUT form parsing) R=golang-dev, adg CC=golang-dev https://golang.org/cl/4921049
Showing
Please register or sign in to comment