withoutSizeLimit

Signature

def withoutSizeLimit: Directive0

Description

Skips request entity size verification.

The whole mechanism of entity size checking is intended to prevent certain Denial-of-Service attacks. So suggested setup is to have akka.http.parsing.max-content-length relatively low and use withoutSizeLimit directive just for endpoints for which size verification should not be performed.

Caution

Usage of withoutSizeLimit is not recommended as it turns off the too large payload protection. Therefore, we highly encourage using withSizeLimit instead, providing it with a value high enough to successfully handle the route in need of big entities.

See also withSizeLimit for setting request entity size limit.

Example

Scala

val route =
  withoutSizeLimit {
    entity(as[String]) { _ ⇒
      complete(HttpResponse())
    }
  }

// tests:
def entityOfSize(size: Int) =
  HttpEntity(ContentTypes.`text/plain(UTF-8)`, "0" * size)

// will work even if you have configured akka.http.parsing.max-content-length = 500
Post("/abc", entityOfSize(501)) ~> route ~> check {
  status shouldEqual StatusCodes.OK
}

Java

final Route route = withSizeLimit(500, () ->
  entity(Unmarshaller.entityToString(), (entity) ->
    complete("ok")
  )
);

Function<Integer, HttpRequest> withEntityOfSize = (sizeLimit) -> {
  char[] charArray = new char[sizeLimit];
  Arrays.fill(charArray, '0');
  return HttpRequest.POST("/").withEntity(new String(charArray));
};

// tests:
testRoute(route).run(withEntityOfSize.apply(500))
  .assertStatusCode(StatusCodes.OK);

testRoute(route).run(withEntityOfSize.apply(501))
  .assertStatusCode(StatusCodes.BAD_REQUEST);