Skip to content

Commit

Permalink
send and verify Content-Length
Browse files Browse the repository at this point in the history
  • Loading branch information
@dimkr
dimkr committed Sep 3, 2024
1 parent 4da6f57 commit d262708
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 1 deletion.
2 changes: 2 additions & 0 deletions fed/deliver.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ import (
"log/slog"
"net/http"
"net/url"
"strconv"
"sync"
"time"
)
Expand Down Expand Up @@ -325,6 +326,7 @@ func (q *Queue) queueTasks(ctx context.Context, job deliveryJob, rawActivity []b

req.Header.Set("User-Agent", userAgent)
req.Header.Set("Accept", `application/ld+json; profile="https://www.w3.org/ns/activitystreams"`)
req.Header.Set("Content-Length", strconv.Itoa(len(rawActivity)))

if recipients.Contains(job.Sender.Followers) {
if digest, err := followers.Digest(ctx, q.DB, q.Domain, job.Sender, req.URL.Host); err == nil {
Expand Down
7 changes: 6 additions & 1 deletion fed/inbox.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,9 +39,14 @@ func (l *Listener) handleInbox(w http.ResponseWriter, r *http.Request) {
return
}

if r.ContentLength > l.Config.MaxRequestBodySize {
w.WriteHeader(http.StatusRequestEntityTooLarge)
return
}

body, err := io.ReadAll(io.LimitReader(r.Body, l.Config.MaxRequestBodySize))
if err != nil {
w.WriteHeader(http.StatusRequestEntityTooLarge)
w.WriteHeader(http.StatusInternalServerError)
return
}

Expand Down

0 comments on commit d262708

Please sign in to comment.