D
Deno

help

std/http/server: URI too long —how to avoid loading those?

Jjcayzac7/14/2023
Using https://deno.land/std@0.194.0/http/server.ts, is there a way to reject long URIs before they are loaded in memory? I have a middleware that responds with 414 URI Too Long when the URI length is > 8192, but this only saves me from the cost of parsing that thing —it's still already loaded in memory even if it's 1MB in size. How can I get the server to close the connection when the URI grows beyond 8k instead?
Pporridgewithraisins7/16/2023
Ngl I've never seen someone handle a 416 uri too long. :p. I wouldn't worry about it in your case. Whatever low level http library is anyways loading it into memory and giving that to you. Unless you change the max length down there it won't matter. Also, I'm sure the underlying http implementation already has a reasonable limit for uri length
Jjcayzac7/20/2023
Well it does not. I tried hitting my server with URIs a few megabytes long and they got loaded into memory and passed to my handler. This seems to make it super easy to DoS any Deno server (unless of course it's behind a reverse proxy that offers that protection, but then it should be written in big red ink somewhere that Deno isn't suitable for serving things directly)
Jjcayzac7/20/2023
HTTP Routing | Heroku Dev Center
HTTP routing on the Common Runtime has an HTTP stack supporting HTTP 1.1, a rolling timeout mechanism, and multiple simultaneous connections.
Jjcayzac7/20/2023
If no size constraint can be put on request elements (URI, header names, header values, cookies...), then Deno cannot be used in any internet-facing application, and only behind other servers that do support these.
Pporridgewithraisins7/26/2023
Oh wow, that sounds pretty important then. Try tagging some deno contributors and see what they have to say

Looking for more? Join the community!

Recommended Posts
Worker: TS2304 [ERROR]: Cannot find name 'postMessage'When type-checking a worker script that uses the global `postMessage()` method, `deno check` gives aHow to recover from worker death? It terminates my main program…In the error message handler, I replace the dead worker with a new one, but it kills my program eithIs there anyone using kv with pentagon ORM and Zod ?I've tried using pentagon for Deno kv in a Fresh project, and it seems like it's not working.Prefix Kv keys with a base partCurrently I add `base()` to all keys: ``` kv.set([base(), "foo"], value) ``` Instead of manually adCaching old versionsWhy is deno caching old versions even tho the version is specifieddeno check: Module '"internal:///missing_dependency.d.ts"' has no exported member...The sequence of events: - Upgraded to Deno 1.35.0 - ran `deno check` on my code - got an error like cargo compile size 160MWhen using `cargo install deno` the result is 160M, if there's info on shrinking this somewhere pleaDeno type enforcementHey, I have a question about the type checking. ```ts function logging(message : number) { consoDNS Records and Denoso I am confused I'm building an application that uses Steam's web API and am looking at why the resFresh pattern helpCould anyone possibly help guide me to understand the 'freshest' pattern for the following, please? Deno seems to assume wrong return type (Puppeteer)With the following code, I get an type error which I do not expect: ```ts const element: ElementHanCreating my first Deno moduleHave never published to NPM or Denoland before, so I'm having some problems figuring shit out. I'm g