Comments (7)
There are two different ways you can handle this in the current version:
-
use the
OnHeadersAvailable
event to check the client'sContent-Length
request header, and if it is too large then set theVContinueProcessing
parameter to False, and optionally use theOnHeadersBlocked
event to customize the response if desired, ie by setting theVResponseNo
parameter to413
(Content Too Large). By default, it is403
(Forbidden). Note that this approach will not work for "chunked" requests. -
use the
OnCreatePostStream
event to provide your own customTStream
object to receive the client's data (by default, aTMemoryStream
is used). You can also look at the client's request headers in this event, too. If theContent-Length
header is too large, or if too much data gets written to the stream, then you can raise an exception to terminate the request.
from indy.
Thank you very much! I will check this and get back to you.
from indy.
Hi @rlebeau.
I've checked the OnHeadersAvailable
and OnHeadersBlocked
approach.
This worked so far as I can check the headers and disrupt the communication if needed.
If I set VContinueProcessing
to false the event OnHeadersBlocked
is fired and I can set the VResponseNo
etc. Unfortunately this information doesn't reach the calling client. I used postman for my test and there I only get "Could not get response" and "aborted".
Do I have to "send" the response in some way?
Thx!
from indy.
No, the response is sent automatically after the event handlers return, as you can see in the source code:
function HeadersCanContinue: Boolean;
var
LResponseNo: Integer;
LResponseText, LContentText, S: String;
begin
// let the user decide if the request headers are acceptable
// TODO pass the whole LRequestInfo object so the user has access
// to the request method, too...
Result := DoHeadersAvailable(AContext, LRequestInfo.URI, LRequestInfo.RawHeaders); // <-- FIRES THE OnHeadersAvailable EVENT
if not Result then begin
DoHeadersBlocked(AContext, LRequestInfo.RawHeaders, LResponseNo, LResponseText, LContentText); // <-- FIRES THE OnHeadersBlocked EVENT
LResponseInfo.ResponseNo := LResponseNo;
if Length(LResponseText) > 0 then begin
LResponseInfo.ResponseText := LResponseText;
end;
LResponseInfo.ContentText := LContentText;
LResponseInfo.CharSet := 'utf-8'; {Do not localize}
LResponseInfo.CloseConnection := True;
LResponseInfo.WriteHeader; // <-- SENDS THE RESPONSE STATUS AND HEADERS
if Length(LContentText) > 0 then begin
LResponseInfo.WriteContent; // <-- SENDS THE RESPONSE BODY
end;
Exit;
end;
...
end;
from indy.
You are right. I tested it with Chrome and there I get the correct return code. Thank you very much.
from indy.
The limitation with the custom Stream and OnCreatePostStream also works great!
Do you know the normal chunk size that is written at once with http 1.1?
from indy.
There is no "normal chunk size" in HTTP. If the client or server sends a chunked message, each chunk specifies its own size, so it can be whatever size the sender wants.
In this case, depending on buffering, the size written to the PostStream
may not always be a full chunk at a time, it may be pieces of a chunk. The only requirement is that pieces are written to the PostStream
in the correct order.
from indy.
Related Issues (20)
- Remove IIdTextEncoding parameters for AnsiString input on FreePascal 3.0+
- ConnectTimeout not working HOT 1
- Service compiled with Delphi 11 (TidTCPServer) with Clients compiled with Delphi XE3 not connecting. HOT 2
- Compile error after fc3966b : an open parenthesis is missing in idHTTP line 3189
- Error reading IdSSLIOHandlerSocketOpenSSL1.SSLOptions.Method: Invalid property value HOT 2
- Make it easier to send replies in TIdEventSocksServer event handlers
- EIdOpenSSLShutdownError on TCP server shutdown after verifying SSL_shutdown result code HOT 4
- When SSL_get_error() returns SSL_ERROR_SYSCALL, include the error from GetLastError()
- documentation can't be downloaded HOT 5
- Assume the highest supported compiler version when a new compiler is released
- CTCP PING does not return correct value HOT 6
- Update IdCustomHTTPServer responses HOT 1
- SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) + SCRAM-SHA-512(-PLUS) + SCRAM-SHA3-512(-PLUS) supports
- Delphi 2007 w/ Indy 10.6.2.0 Won't Compile (File not found: IdSys.dcu) HOT 2
- EConvertError in TIdX509.notBefore and TIdX509.notAfter properties for 4-digit years
- Tidtelnet.Disconnect cannot be disconnected HOT 2
- No FHeadIndex - A Bug? HOT 4
- Wont Reset Bytes - A Bug? HOT 4
- Rad Studio 12 - Settings compatible HOT 3
- idHttp - IPv6 - IPVersion-ProtocolSwitch on Redirect (HandleRedirects=true) HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from indy.