Limit the size of `request.data`

I have the following in my Django webapp:

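```python
from rest_framework import generics
from rest_framework.permissions import IsAuthenticated


class IndexContentView(generics.CreateAPIView):
    permission_classes = [IsAuthenticated]

    def create(self, request, *args, **kwargs):
        # Body is parsed on first access to request.data
        transcript = request.data['transcript']
```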

How can I make sure that requests with request.data larger than a certain size, such as 2 MB, do not hit my endpoint? I know I could insert a check in my code, but that would not prevent an attack throwing many large requests at my app. Also, I want to set a limit for all requests. How do I do this with PA?

You could write custom middleware to drop requests like that early.

What do you mean by middleware (i.e. where should that middleware live)? Isn't there a default limit in place right now?

See https://docs.djangoproject.com/en/4.2/topics/http/middleware/. There is a limit of 100M that is already imposed on all requests.
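The middleware approach suggested in this thread, as an added example that is not code from any of the posters: it rejects a request on its declared `Content-Length` before any view or DRF parser touches the body. The names `MaxBodySizeMiddleware` and `rejection_status` are hypothetical, and the 2 MB limit is taken from the question.

```python
# Added example: Django middleware that rejects oversized requests early.
MAX_BODY_BYTES = 2 * 1024 * 1024  # assumed limit: the 2 MB from the question


def rejection_status(content_length, limit=MAX_BODY_BYTES):
    """Return the HTTP status to reject with, or None to let the request pass."""
    if content_length in (None, ""):
        # No declared body: Django's WSGI handler then reads zero bytes.
        return None
    # Accept plain ASCII digits only; int() alone would also take "1_0" or " 5 ".
    if not (content_length.isascii() and content_length.isdigit()):
        return 400  # malformed or negative Content-Length
    if int(content_length) > limit:
        return 413  # Payload Too Large
    return None


class MaxBodySizeMiddleware:
    """Hypothetical middleware; list it first in MIDDLEWARE so it runs early."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        status = rejection_status(request.META.get("CONTENT_LENGTH"))
        if status is not None:
            # Imported lazily so rejection_status() can be tested without Django.
            from django.http import HttpResponse
            return HttpResponse(status=status)
        # The body has not been read yet; the view and parsers run from here.
        return self.get_response(request)
```

To enable it, put the class's dotted path (for example `myapp.middleware.MaxBodySizeMiddleware`, a hypothetical path) at the top of `MIDDLEWARE` in the settings file.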