Hi,I've been trying to implement an upper bound on the request body length using the maxLength body parser combined with the multipartFormData body parser (or the raw body parser) so that huge requests can be blocked without having to load all of the data into memory.Unfortunately this doesn't seem to be working when uploading large files from the browser. When I choose a large file (e.g. 5MB) and submit the <form>, the request hangs in the browser and never completes. On the server-side, the request completes, but the browser never seems to see the response.Simple example:def upload = Action(parse.maxLength(1048576, parse.multipartFormData)) { request =>request.body match {case Left(err) => EntityTooLarge("Request too big")case Right(body) => Ok("Not too big")}}I've been able to reproduce it in Chrome, Firefox, and IE.Has anyone seen this before and/or have any idea how to work around it?Thanks,Jim
In the "real" upload Action I have written a specific part handler that handle uploaded data (in my case I just want to stream it somewhere else) that always read the full user-provided data. In case of problem I keep reading the content (but don't use it any more) and when everything has been red I send an error-code.
This is not a perfect solution because in case of problems network resources are still wasted uploading unused data but if your isUploadValid controller is well written you should normally only upload valid data. My post with code sample is on https://groups.google.com/forum/?fromgroups=#!starred/play-framework/n7yF6wNBL_s
Of course if someone is trying to "attack" your site and directly calls the upload controller without going through the check first then this solution won't work, but I guess this is another topic.
Since I have implemented this solution I heard about the expect handshake. HTTP protocol defines an expect 100 continue handshake: in this mode the client starts by only sending the headers of the request (i.e. including content-length) and waits for the server to return either an error code or a 100-continue response. If the later is received then the full request with post content is made. I think that it would be the more elegant way to handle your problem but I don't know if it's supported by the play! framework yet.
Hello,
I seem to have stumbled across the same issue that you are having. Have you made any progress or is this actually a bug that we should report? It seems like Play should disconnect after sending the 413 or at least finish reading the stream.