Closed
Description
This line should be fixed to use a fixed limit. Setting it to contentLength doesn't make sense as that'd be the same as "limiting" it by Int.max (because content-length is attacker controlled and can be set to anything the other side wants). If that's desired (unlikely as that would open it up to denial of service attacks), then I'd recommend to be explicit: collect(upTo: Int.max).
But really: This should be a fixed number (maybe 16 MiB) of the maximum amount of bytes you're willing to balloon into memory here.
Please note that you do not need to validate (or even read) the content-length header, AsyncHTTPClient and SwiftNIO validate that it's correct (if present at all).
Metadata
Metadata
Assignees
Labels
No labels