size limiting fix for request not containg content-length header

puug · Jun 6, 2015 · 809292c · 809292c
1 parent 486f374
commit 809292c
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 6 deletions.
diff --git a/kong/plugins/requestsizelimiting/access.lua b/kong/plugins/requestsizelimiting/access.lua
@@ -3,6 +3,19 @@ local response = require "kong.tools.responses"
 
 local _M = {}
 
+local CONTENT_LENGHT = "content-length"
+
+local function check_size(length, allowed_size)
+  local allowed_bytes_size = allowed_size * 100000
+  if length > allowed_bytes_size then
+    local headers = ngx.req.get_headers()
+    if headers.expect and stringy.strip(headers.expect:lower()) == "100-continue" then
+      return response.send(417, "Request size limit exceeded")
+    else
+      return response.send(413, "Request size limit exceeded")
+    end
+  end
+end
 
 -- Request size limiting, rejects request if payload size is greater than allowed size
 --
@@ -11,14 +24,17 @@ local _M = {}
 -- @return `response` contains response code and error message
 function _M.execute(conf)
   local headers = ngx.req.get_headers()
-  local allowed_bytes_size = conf.allowed_payload_size * 100000
-  if tonumber(headers["content-length"]) > allowed_bytes_size then
-    if headers.expect and stringy.strip(headers.expect:lower()) == "100-continue" then
-      return response.send(417, "Request size limit exceeded")
-    else
-      return response.send(413, "Request size limit exceeded")
+  if headers[CONTENT_LENGHT] then
+    check_size(tonumber(headers[CONTENT_LENGHT]), conf.allowed_payload_size)
+  else
+    -- not very good idea
+    ngx.req.read_body()
+    local data = ngx.req.get_body_data()
+    if data then
+      check_size(string.len(data), conf.allowed_payload_size)
     end
   end
+
 end
 
 return _M
diff --git a/spec/plugins/request_size_limiting_spec.lua b/spec/plugins/request_size_limiting_spec.lua
@@ -50,5 +50,19 @@ describe("RequestSizeLimiting Plugin", function()
       assert.are.equal(200, status)
     end)
   end)
+
+  describe("With no content-length header post request", function()
+    it("should be allowed", function()
+      local response, status = http_client.post(STUB_POST_URL, {key = "This is a test string"}, { host = "test3.com", ['Content-Type'] = "application/x-www-form-urlencoded" } )
+      assert.are.equal(200, status)
+    end)
+  end)
+
+  describe("With no content-length header get request", function()
+    it("should be allowed", function()
+      local response, status = http_client.get(STUB_POST_URL, {}, { host = "test3.com" } )
+      assert.are.equal(200, status)
+    end)
+  end)
 
 end)