You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
First of all, I'm not sure if this qualifies as an 'issue', nevertheless, the described behaviour might be confusing/surprising for end users, so I'm opening this.
I've discovered that when the Armeria server's limits (e.g., maxRequestLength) are exceeded, the response prepared by Http4s is ignored in favour of Armeria's default behaviour. This means that if someone handles the corresponding error of exceeding the payload size on the Http4s side (for instance, by responding with a 500 Internal Server Error) but does not configure the maxRequestLength in the Armeria server, a 413 Request Entity Too Large code will be sent. What's even worse, all the Http4s Server Middlewares won't be applied, resulting in missing CORS headers, for example. In this particular case, the advice is to turn off checking the request length on Armeria's side — serverBuilder.withMaxRequestLength(0L), or set it a little above the Http4s' setting values.
Seemingly, the same behaviour of ignoring the prepared Http4s response by Armeria will occur with other server settings, such as request timeout, idle timeout, etc. I doubt that we can bypass this by tweaking the Http4s-Armeria integration somehow. Perhaps the only way is to turn off checks when instantiating an ArmeriaServerBuilder on the user side. @ikhoon Is it correct to suppose?
The text was updated successfully, but these errors were encountered:
First of all, I'm not sure if this qualifies as an 'issue', nevertheless, the described behaviour might be confusing/surprising for end users, so I'm opening this.
I've discovered that when the Armeria server's limits (e.g., maxRequestLength) are exceeded, the response prepared by Http4s is ignored in favour of Armeria's default behaviour. This means that if someone handles the corresponding error of exceeding the payload size on the Http4s side (for instance, by responding with a
500 Internal Server Error) but does not configure the maxRequestLength in the Armeria server, a413 Request Entity Too Largecode will be sent. What's even worse, all the Http4s Server Middlewares won't be applied, resulting in missing CORS headers, for example. In this particular case, the advice is to turn off checking the request length on Armeria's side —serverBuilder.withMaxRequestLength(0L), or set it a little above the Http4s' setting values.Seemingly, the same behaviour of ignoring the prepared Http4s response by Armeria will occur with other server settings, such as request timeout, idle timeout, etc. I doubt that we can bypass this by tweaking the Http4s-Armeria integration somehow. Perhaps the only way is to turn off checks when instantiating an
ArmeriaServerBuilderon the user side. @ikhoon Is it correct to suppose?The text was updated successfully, but these errors were encountered: