Parsing request bodies, for example JSON-encoded payloads, is a performance-heavy operation, especially with larger requests.
When handling incoming requests in your web application, you should limit the size of their payloads. Incoming requests with
unlimited body/payload sizes can cause your application to perform badly or crash, resulting in a denial-of-service outage or other unwanted side effects.
Many popular middleware solutions for parsing request bodies, such as the already-included body-parser package for express, expose
options to limit the size of request payloads, making it easy for developers to implement this functionality. You can also
integrate a request body size limit in your reverse-proxy/web server software if supported. Below are examples for limiting request sizes using
express and/or nginx.
express
const express = require('express');

const app = express();

app.use(express.json({ limit: '300kb' })); // body-parser defaults to a body size limit of 100kb

// Request with json body
app.post('/json', (req, res) => {
    // express.json() skips, rather than rejects, requests whose Content-Type is not JSON, so check it explicitly
    if (!req.is('json')) {
        return res.sendStatus(415); // -> Unsupported media type if request doesn't have JSON body
    }

    res.send('Hooray, it worked!');
});

app.listen(3000, () => console.log('Example app listening on port 3000!'));
🔗 Express docs for express.json()
nginx
http {
    ...
    # Limit the body size for ALL incoming requests to 1 MB
    client_max_body_size 1m;
}

server {
    ...
    # Limit the body size for incoming requests to this specific server block to 1 MB
    client_max_body_size 1m;
}

location /upload {
    ...
    # Limit the body size for incoming requests to this route to 1 MB
    client_max_body_size 1m;
}
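
To show what such a limit has to do when no middleware or proxy enforces it, the following added example (not part of the original page and not body-parser's own code) applies the same 300kb budget to a plain Node.js request stream, covering both a declared Content-Length and chunked bodies that declare none. The names readLimitedBody, simulate and LIMIT_BYTES are hypothetical, and the fake request object is constructed so the example runs offline.

```javascript
const { EventEmitter } = require('events');

const LIMIT_BYTES = 300 * 1024; // same budget as the '300kb' express.json() limit

// Buffers a request body, giving up once more than `limit` bytes are seen.
// done(status, body): 200 with the body, 413 if too large, 400 if malformed.
function readLimitedBody(req, limit, done) {
  let settled = false;
  const settle = (status, body) => {
    if (!settled) { settled = true; done(status, body); }
  };
  const declared = req.headers['content-length'];
  if (declared !== undefined) {
    if (!/^\d+$/.test(declared)) return settle(400, null);
    // Fast path: reject on the declared size before buffering anything.
    if (Number(declared) > limit) return settle(413, null);
  }
  const chunks = [];
  let received = 0;
  req.on('data', (chunk) => {
    if (settled) return; // already rejected: discard instead of buffering
    received += chunk.length;
    // Chunked bodies carry no Content-Length, so count bytes as they arrive.
    if (received > limit) {
      chunks.length = 0; // release what was buffered so far
      return settle(413, null);
    }
    chunks.push(chunk);
  });
  req.on('end', () => settle(200, Buffer.concat(chunks)));
  req.on('error', () => settle(400, null));
}

// Constructed stand-in for http.IncomingMessage so the example runs offline.
function simulate(headers, chunkSizes, limit = LIMIT_BYTES) {
  const req = new EventEmitter();
  req.headers = headers;
  let result = null;
  readLimitedBody(req, limit, (status, body) => {
    result = { status, bytes: body ? body.length : 0 };
  });
  for (const size of chunkSizes) req.emit('data', Buffer.alloc(size, 0x61));
  req.emit('end');
  return result;
}

console.log(simulate({ 'content-length': '400000' }, []).status);
console.log(simulate({}, [200 * 1024, 200 * 1024]).status);
```

In a real handler, a 413 result would be followed by sending the response and closing the connection so the remaining bytes are not read at all.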