From 4c34774b7eb787e37892399f2daddba68ec277e3 Mon Sep 17 00:00:00 2001 From: Kirill Kinduk Date: Fri, 25 Aug 2017 12:08:26 +0300 Subject: Add max_frame_size option for websocket handlers Option allows to limit a frame by size before decoding its payload. LH: I have added a test for when the limit is reached on a nofin fragmented frame (the last commit addressed that case but it had no test). I have fixed formatting and other, and changed the default value to infinity since it might otherwise be incompatible with existing code. I also added documentation and a bunch of other minor changes. --- doc/src/guide/ws_handlers.asciidoc | 16 ++++++++++++++++ doc/src/manual/cowboy_websocket.asciidoc | 8 ++++++++ 2 files changed, 24 insertions(+) (limited to 'doc') diff --git a/doc/src/guide/ws_handlers.asciidoc b/doc/src/guide/ws_handlers.asciidoc index c944606..71165af 100644 --- a/doc/src/guide/ws_handlers.asciidoc +++ b/doc/src/guide/ws_handlers.asciidoc @@ -225,6 +225,22 @@ init(Req, State) -> This value cannot be changed once it is set. It defaults to `60000`. +=== Limiting frame sizes + +Cowboy accepts frames of any size by default. You should +limit the size depending on what your handler may handle. +You can do this via the `init/2` callback: + +[source,erlang] +---- +init(Req, State) -> + {cowboy_websocket, Req, State, #{ + max_frame_size => 8000000}}. +---- + +The lack of limit is historical. A future version of +Cowboy will have a more reasonable default. + === Saving memory The Websocket connection process can be set to hibernate diff --git a/doc/src/manual/cowboy_websocket.asciidoc b/doc/src/manual/cowboy_websocket.asciidoc index 40864c5..5d686b1 100644 --- a/doc/src/manual/cowboy_websocket.asciidoc +++ b/doc/src/manual/cowboy_websocket.asciidoc @@ -153,6 +153,7 @@ Cowboy does it automatically for you. opts() :: #{ compress => boolean(), idle_timeout => timeout(), + max_frame_size => non_neg_integer() | infinity, req_filter => fun((cowboy_req:req()) -> map()) } ---- @@ -181,6 +182,13 @@ idle_timeout (60000):: connection open without receiving anything from the client. +max_frame_size (infinity):: + Maximum frame size allowed by this Websocket + handler. Cowboy will close the connection when + a client attempts to send a frame that goes over + this limit. For fragmented frames this applies + to the size of the reconstituted frame. + req_filter:: A function applied to the Req to compact it and only keep required information. The Req is only -- cgit v1.2.3