oatpp-authkit

uwe.admin/oatpp-authkit

Fork 0

Commit graph

Author	SHA1	Message	Date
Uwe Schuster	950012d946	#4 : BodySizeLimitInterceptor — fail-closed on missing/malformed Content-Length Body-bearing methods (POST/PUT/PATCH) now reject: - missing Content-Length → 411 - malformed Content-Length → 400 - non-identity Transfer-Encoding (chunked, etc.) → 411 - declared length > maxBytes → 413 (unchanged) GET/HEAD/DELETE/OPTIONS/TRACE pass through unchanged. Consumers needing the legacy fail-open behaviour pass `requireContentLength = false`. Bump to 0.3.3 (behaviour tightening — consumers on default ctor see new 411/400 responses on requests that previously sailed through). Closes #4 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-25 21:36:50 +02:00

Author

SHA1

Message

Date

Uwe Schuster

950012d946

#4 : BodySizeLimitInterceptor — fail-closed on missing/malformed Content-Length

Body-bearing methods (POST/PUT/PATCH) now reject:
- missing Content-Length → 411
- malformed Content-Length → 400
- non-identity Transfer-Encoding (chunked, etc.) → 411
- declared length > maxBytes → 413 (unchanged)

GET/HEAD/DELETE/OPTIONS/TRACE pass through unchanged. Consumers needing
the legacy fail-open behaviour pass `requireContentLength = false`.

Bump to 0.3.3 (behaviour tightening — consumers on default ctor see new
411/400 responses on requests that previously sailed through).

Closes #4

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-25 21:36:50 +02:00

1 commit