Diffstat (limited to 'src/network/access/qhttpheaderparser_p.h')
-rw-r--r-- | src/network/access/qhttpheaderparser_p.h | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/src/network/access/qhttpheaderparser_p.h b/src/network/access/qhttpheaderparser_p.h
index 7b70b174bf..9b149570e0 100644
--- a/src/network/access/qhttpheaderparser_p.h
+++ b/src/network/access/qhttpheaderparser_p.h
@@ -1,4 +1,4 @@
-// Copyright (C) 2021 The Qt Company Ltd.
+// Copyright (C) 2022 The Qt Company Ltd.
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
 #ifndef QHTTPHEADERPARSER_H
@@ -24,6 +24,25 @@
 QT_BEGIN_NAMESPACE
+namespace HeaderConstants {
+
+// We previously used 8K, which is common on server side, but it turned out to
+// not be enough for various uses. Historically Firefox used 10K as the limit of
+// a single field, but some Location headers and Authorization challenges can
+// get even longer. Other browsers, such as Chrome, instead have a limit on the
+// total size of all the headers (as well as extra limits on some of the
+// individual fields). We'll use 100K as our default limit, which would be a ridiculously large
+// header, with the possibility to override it where we need to.
+static constexpr int MAX_HEADER_FIELD_SIZE = 100 * 1024;
+// Taken from http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfields
+static constexpr int MAX_HEADER_FIELDS = 100;
+// Chromium has a limit on the total size of the header set to 256KB,
+// which is a reasonable default for QNetworkAccessManager.
+// https://stackoverflow.com/a/3436155
+static constexpr int MAX_TOTAL_HEADER_SIZE = 256 * 1024;
+
+}
+
 class Q_NETWORK_PRIVATE_EXPORT QHttpHeaderParser
 {
 public:
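Review bot: The comments on the three `HeaderConstants` limits do not say how the limits combine or that the sizes are in bytes. With these defaults, 100 fields of up to 100K each would far exceed the 256K total, so `MAX_TOTAL_HEADER_SIZE` is presumably the cap that actually bounds how much header data a remote server can make the parser buffer; the enforcement code is not in this hunk. I would state that in the comment, e.g. `// Sizes are in bytes; the total-size limit is the effective bound on buffered header data from the peer.` Separately, the constants are `static constexpr int` in a header while the members they initialise in the later hunk are `qsizetype`; `inline constexpr qsizetype MAX_HEADER_FIELD_SIZE = 100 * 1024;` (and likewise for the other two) would avoid the per-translation-unit copies and the type mismatch.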
@@ -54,12 +73,25 @@ public:
 void removeHeaderField(const QByteArray &name);
 void clearHeaders();
+ void setMaxHeaderFieldSize(qsizetype size) { maxFieldSize = size; }
+ qsizetype maxHeaderFieldSize() const { return maxFieldSize; }
+
+ void setMaxTotalHeaderSize(qsizetype size) { maxTotalSize = size; }
+ qsizetype maxTotalHeaderSize() const { return maxTotalSize; }
+
+ void setMaxHeaderFields(qsizetype count) { maxFieldCount = count; }
+ qsizetype maxHeaderFields() const { return maxFieldCount; }
+
 private:
 QList<QPair<QByteArray, QByteArray> > fields;
 QString reasonPhrase;
 int statusCode;
 int majorVersion;
 int minorVersion;
+
+ qsizetype maxFieldSize = HeaderConstants::MAX_HEADER_FIELD_SIZE;
+ qsizetype maxTotalSize = HeaderConstants::MAX_TOTAL_HEADER_SIZE;
+ qsizetype maxFieldCount = HeaderConstants::MAX_HEADER_FIELDS;
 }; |
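Review bot: The three setters store whatever `qsizetype` they are given, so a negative or zero limit is accepted silently. How the parser compares against `maxFieldSize`, `maxTotalSize` and `maxFieldCount` is not visible in this header. Depending on that comparison, a negative value could reject every response or, after an unsigned conversion, effectively switch the limit off. A guard such as `Q_ASSERT(size >= 0);` at the top of each setter would make the contract explicit; clamping with `maxFieldSize = qMax(qsizetype(0), size);` would enforce it in release builds too. It is also worth a short comment above the setters noting that raising a limit increases how much header data an untrusted server can make the client buffer. The class definition starts outside this hunk.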