
Web API: /known: add a length limit to the list of accepted PID
Open, High, Public

Description

The /known endpoint takes as input a list of PIDs.
To avoid abusing the DB backend (no matter how much data the web server will accept) we should put a limit on how many PIDs are accepted.
There should be a default, and it should be overridable at the webapp configuration level.

A reasonable default to begin with is probably 1'000 PIDs (one PID is 50 characters long, so that's about 50 KiB + JSON list terminators).

(no need to check the limit in a streaming fashion, we will delegate that part to Varnish: T2277)

Event Timeline

zack triaged this task as High priority. Feb 11 2020, 2:52 PM
zack created this task.
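
One way to enforce the limit described in this task, as an added example (not Software Heritage's code): the count is checked after JSON parsing and before any backend lookup, with a default of 1000 that the configuration can override. The `known_max_pids` key, the function names and the exception are hypothetical; the PID pattern assumes the `swh:1:<type>:<40 hex digits>` form, which is 50 characters.

```python
import json
import re

# Default from the task description; the config key name is hypothetical.
DEFAULT_MAX_PIDS = 1000
CONFIG_KEY = "known_max_pids"

# A PID is 50 characters: "swh:1:" + 3-letter object type + ":" + 40 hex digits.
PID_RE = re.compile(r"swh:1:(cnt|dir|rev|rel|snp):[0-9a-f]{40}")


class BadKnownRequest(ValueError):
    """Raised before any backend lookup; the caller maps it to a 4xx response."""


def max_pids(config):
    """Return the effective limit: the configured override or the default."""
    limit = config.get(CONFIG_KEY, DEFAULT_MAX_PIDS)
    if isinstance(limit, bool) or not isinstance(limit, int) or limit < 1:
        raise ValueError(f"{CONFIG_KEY} must be a positive integer, got {limit!r}")
    return limit


def parse_known_request(body, config):
    """Validate a /known request body and return the list of PIDs."""
    try:
        pids = json.loads(body)
    except (ValueError, RecursionError) as exc:
        raise BadKnownRequest("body is not valid JSON") from exc
    if not isinstance(pids, list):
        raise BadKnownRequest("body must be a JSON list of PIDs")
    limit = max_pids(config)
    # Check the count first: cheap, and it bounds the per-item work below.
    if len(pids) > limit:
        raise BadKnownRequest(f"{len(pids)} PIDs sent, at most {limit} accepted")
    for pid in pids:
        if not isinstance(pid, str) or not PID_RE.fullmatch(pid):
            # Truncate the echoed value so error messages stay small.
            raise BadKnownRequest(f"invalid PID: {pid!r:.80}")
    return pids


if __name__ == "__main__":
    # Constructed sample: 1001 syntactically valid PIDs, one over the default.
    sample = json.dumps([f"swh:1:cnt:{i:040x}" for i in range(1001)])
    try:
        parse_known_request(sample, {})
    except BadKnownRequest as exc:
        print("rejected:", exc)
```

This check runs only after the whole body has been read and parsed, so it complements rather than replaces the request-size cap the task delegates to Varnish.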