Increase the maxHttpBufferSize (#6409)

heldersepu · web-flow · commit 0b0d8824779c · 2024-06-01T13:17:02.000+02:00
diff --git a/.github/workflows/frontend-admin-tests.yml b/.github/workflows/frontend-admin-tests.yml
@@ -85,7 +85,7 @@ jobs:
         run: "sed -i 's/\"enableAdminUITests\": false/\"enableAdminUITests\": true,\\n\"users\":{\"admin\":{\"password\":\"changeme1\",\"is_admin\":true}}/' settings.json"
       -
         name: increase maxHttpBufferSize
-        run: "sed -i 's/\"maxHttpBufferSize\": 10000/\"maxHttpBufferSize\": 10000000/' settings.json"
+        run: "sed -i 's/\"maxHttpBufferSize\": 50000/\"maxHttpBufferSize\": 10000000/' settings.json"
       -
         name: Disable import/export rate limiting
         run: |
diff --git a/doc/docker.adoc b/doc/docker.adoc
@@ -510,7 +510,7 @@ For the editor container, you can also make it full width by adding `full-width-
 
 | `SOCKETIO_MAX_HTTP_BUFFER_SIZE`
 | The maximum size (in bytes) of a single message accepted via Socket.IO. If a client sends a larger message, its connection gets closed to prevent DoS (memory exhaustion) attacks.
-| `10000`
+| `50000`
 
 | `LOAD_TEST`
 | Allow Load Testing tools to hit the Etherpad Instance. WARNING: this will disable security on the instance.
diff --git a/doc/docker.md b/doc/docker.md
@@ -213,7 +213,7 @@ For the editor container, you can also make it full width by adding `full-width-
 | `FOCUS_LINE_PERCENTAGE_ARROW_UP`  | Percentage of viewport height to be additionally scrolled when user presses arrow up in the line of the top of the viewport. Set to 0 to let the scroll to be handled as default by Etherpad           | `0`                   |
 | `FOCUS_LINE_DURATION`             | Time (in milliseconds) used to animate the scroll transition. Set to 0 to disable animation                                                                                                            | `0`                   |
 | `FOCUS_LINE_CARET_SCROLL`         | Flag to control if it should scroll when user places the caret in the last line of the viewport                                                                                                        | `false`               |
-| `SOCKETIO_MAX_HTTP_BUFFER_SIZE`   | The maximum size (in bytes) of a single message accepted via Socket.IO. If a client sends a larger message, its connection gets closed to prevent DoS (memory exhaustion) attacks.                     | `10000`               |
+| `SOCKETIO_MAX_HTTP_BUFFER_SIZE`   | The maximum size (in bytes) of a single message accepted via Socket.IO. If a client sends a larger message, its connection gets closed to prevent DoS (memory exhaustion) attacks.                     | `50000`               |
 | `LOAD_TEST`                       | Allow Load Testing tools to hit the Etherpad Instance. WARNING: this will disable security on the instance.                                                                                            | `false`               |
 | `DUMP_ON_UNCLEAN_EXIT`            | Enable dumping objects preventing a clean exit of Node.js. WARNING: this has a significant performance impact.                                                                                         | `false`               |
 | `EXPOSE_VERSION`                  | Expose Etherpad version in the web interface and in the Server http header. Do not enable on production machines.                                                                                      | `false`               |
diff --git a/settings.json.docker b/settings.json.docker
@@ -544,7 +544,7 @@
      * value to work properly, but increasing the value increases susceptibility
      * to denial of service attacks (malicious clients can exhaust memory).
      */
-    "maxHttpBufferSize": "${SOCKETIO_MAX_HTTP_BUFFER_SIZE:10000}"
+    "maxHttpBufferSize": "${SOCKETIO_MAX_HTTP_BUFFER_SIZE:50000}"
   },
 
   /*
diff --git a/settings.json.template b/settings.json.template
@@ -537,7 +537,7 @@
      * value to work properly, but increasing the value increases susceptibility
      * to denial of service attacks (malicious clients can exhaust memory).
      */
-    "maxHttpBufferSize": 10000
+    "maxHttpBufferSize": 50000
   },
 
   /*
diff --git a/src/node/utils/Settings.ts b/src/node/utils/Settings.ts
@@ -153,7 +153,7 @@ exports.socketIo = {
      * properly, but increasing the value increases susceptibility to denial of service attacks
      * (malicious clients can exhaust memory).
      */
-    maxHttpBufferSize: 10000,
+    maxHttpBufferSize: 50000,
 };
 
 

Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,7 @@ jobs:`
`85`	`85`	`run: "sed -i 's/\"enableAdminUITests\": false/\"enableAdminUITests\": true,\\n\"users\":{\"admin\":{\"password\":\"changeme1\",\"is_admin\":true}}/' settings.json"`
`86`	`86`	`-`
`87`	`87`	`name: increase maxHttpBufferSize`
`88`		`- run: "sed -i 's/\"maxHttpBufferSize\": 10000/\"maxHttpBufferSize\": 10000000/' settings.json"`
	`88`	`+ run: "sed -i 's/\"maxHttpBufferSize\": 50000/\"maxHttpBufferSize\": 10000000/' settings.json"`
`89`	`89`	`-`
`90`	`90`	`name: Disable import/export rate limiting`
`91`	`91`	`run: \|`