withoutSizeLimit

Signature

def withoutSizeLimit: Directive0 

Description

Skips request entity size verification.

The whole mechanism of entity size checking is intended to prevent certain Denial-of-Service attacks. So suggested setup is to have pekko.http.parsing.max-content-length relatively low and use withoutSizeLimit directive just for endpoints for which size verification should not be performed.

Caution

Usage of withoutSizeLimit is not recommended as it turns off the too large payload protection. Therefore, we highly encourage using withSizeLimit instead, providing it with a value high enough to successfully handle the route in need of big entities.

See also withSizeLimit for setting request entity size limit.

Example

Scala
sourceval route =
  withoutSizeLimit {
    entity(as[String]) { _ =>
      complete(HttpResponse())
    }
  }

// tests:
def entityOfSize(size: Int) =
  HttpEntity(ContentTypes.`text/plain(UTF-8)`, List.fill(size)('0').mkString)

// will work even if you have configured pekko.http.parsing.max-content-length = 500
Post("/abc", entityOfSize(501)) ~> route ~> check {
  status shouldEqual StatusCodes.OK
}
Java
sourceimport static org.apache.pekko.http.javadsl.server.Directives.complete;
import static org.apache.pekko.http.javadsl.server.Directives.entity;
import static org.apache.pekko.http.javadsl.server.Directives.withSizeLimit;

final Route route =
    withSizeLimit(500, () -> entity(Unmarshaller.entityToString(), (entity) -> complete("ok")));

Function<Integer, HttpRequest> withEntityOfSize =
    (sizeLimit) -> {
      char[] charArray = new char[sizeLimit];
      Arrays.fill(charArray, '0');
      return HttpRequest.POST("/").withEntity(new String(charArray));
    };

// tests:
testRoute(route).run(withEntityOfSize.apply(500)).assertStatusCode(StatusCodes.OK);

testRoute(route)
    .run(withEntityOfSize.apply(501))
    .assertStatusCode(StatusCodes.CONTENT_TOO_LARGE);