[jboss-jira] [JBoss JIRA] (WFLY-9675) Cannot disable 'max-post-size' check for undertow listeners

[Radoslav Husar (JIRA)]

     [ https://issues.jboss.org/browse/WFLY-9675?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Radoslav Husar updated WFLY-9675:
---------------------------------
    Summary: Cannot disable 'max-post-size' check for undertow listeners  (was: cannot disable 'max-post-size' check for undertow listeners)


> Cannot disable 'max-post-size' check for undertow listeners
> -----------------------------------------------------------
>
>                 Key: WFLY-9675
>                 URL: https://issues.jboss.org/browse/WFLY-9675
>             Project: WildFly
>          Issue Type: Bug
>          Components: Web (Undertow)
>    Affects Versions: 11.0.0.Final
>            Reporter: Chao Wang
>            Assignee: Chao Wang
>            Priority: Minor
>
> With EAP7.1.0.GA, there has been added a validator for 'max-post-size' attribute for listeners in undertow subsystem. This validator requires positive integer values starting with value 1. That means, you cannot disable 'max-post-size' for such listener using 0 value anymore.
> In EAP6.4 and EAP7.0, it was possible to disable 'max-post-size' check with 0 value. I understand that we might not want to allow user to set this to 0 value as it might be a potentional security risk. Still, maybe we should relax this restriction as it was possible to configure it that way in previous versions of EAP.
> Also there is a [Knowledge Base article|https://access.redhat.com/solutions/714173] regarding to this feature, which we should update in case we won't reconsider our position.
> Just for the record - quoting question from mailing list:
> {quote}
> Dear Experts,
> Based on KCS, the "max-post-size" in "http-listener" from "undertow" subsystem can be disabled by setting "0" to it, it worked for EAP 6.x and 7.0 GA.
> But in EAP 7.1.0 GA, it didn't work:
> ~~~
> [standalone at localhost:9990 /] /subsystem=undertow/server=default-server/http-listener=default/:write-attribute(name=max-post-size,value=0)
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYCTL0117: 0 is an invalid value for parameter max-post-size. A minimum value of 1 is required",
>     "rolled-back" => true
> }
> ~~~
> By comparing schemas:
> ~~~
> jboss-eap-7.0/docs/schema/wildfly-undertow_x_x.xsd:
> <xs:attribute name="max-post-size" type="xs:long" default="0"/>
> ---
> jboss-eap-7.1/docs/schema/wildfly-undertow_x_x.xsd:
> <xs:attribute name="max-post-size" type="xs:long" default="10485760"/>
> ~~~
> The behaviour changed.
> And I found WFLY-6437 and JBEAP-3974, but failed to open links inside those.
> So can I ask if "max-post-size" can be disabled in EAP 7.1.0 GA and the reason if possible?
> Best Regards,
> Zhang Xu
> {quote}



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)