From bdcee066654bf1b024d67948f54eb05ce7975340 Mon Sep 17 00:00:00 2001
From: Nicola Murino
Date: Thu, 2 Mar 2023 18:26:21 +0100
Subject: [PATCH] WebClient: remove the default upload size limit

Users who want a limit can still set it. By default, we want to allow uploads of any size

Signed-off-by: Nicola Murino
---
 docs/full-configuration.md | 2 +-
 internal/config/config.go | 2 +-
 internal/httpd/httpd_test.go | 1 +
 sftpgo.json | 2 +-
 4 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/docs/full-configuration.md b/docs/full-configuration.md
index 45cf7df1..888d8064 100644
--- a/docs/full-configuration.md
+++ b/docs/full-configuration.md
@@ -362,7 +362,7 @@ The configuration file contains the following sections:
 - `ca_revocation_lists`, list of strings. Set a revocation lists, one for each root CA, to be used to check if a client certificate has been revoked. The revocation lists can be reloaded on demand sending a `SIGHUP` signal on Unix based systems and a `paramchange` request to the running service on Windows.
 - `signing_passphrase`, string. Passphrase to use to derive the signing key for JWT and CSRF tokens. If empty a random signing key will be generated each time SFTPGo starts. If you set a signing passphrase you should consider rotating it periodically for added security.
 - `token_validation`, integer. Define how to validate JWT tokens, cookies and CSRF tokens. By default all the available security checks are enabled. Set to 1 to disable the requirement that a token must be used by the same IP for which it was issued. Default: `0`.
- - `max_upload_file_size`, integer. Defines the maximum request body size, in bytes, for Web Client/API HTTP upload requests. 0 means no limit. Default: 1048576000.
+ - `max_upload_file_size`, integer. Defines the maximum request body size, in bytes, for Web Client/API HTTP upload requests. `0` means no limit. Default: `0`.
 - `cors` struct containing CORS configuration. SFTPGo uses [Go CORS handler](https://github.com/rs/cors), please refer to upstream documentation for fields meaning and their default values.
 - `enabled`, boolean, set to `true` to enable CORS.
 - `allowed_origins`, list of strings.
diff --git a/internal/config/config.go b/internal/config/config.go
index 6a3cec3d..2a6e98f5 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -386,7 +386,7 @@ func Init() {
 CARevocationLists: nil,
 SigningPassphrase: "",
 TokenValidation: 0,
- MaxUploadFileSize: 1048576000,
+ MaxUploadFileSize: 0,
 Cors: httpd.CorsConfig{
 Enabled: false,
 AllowedOrigins: []string{},
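Review bot: The new `MaxUploadFileSize: 0` default in `Init()` means a setup with no explicit value accepts Web Client/API upload request bodies of any size, and the line has no comment saying that `0` is the "no limit" sentinel. Installations that never set `max_upload_file_size` and relied on the previous 1048576000 default would presumably lose that cap on upgrade, so this deserves an upgrade note as well as a comment. I would annotate the field, e.g. `MaxUploadFileSize: 0, // 0 = no request body cap; set a limit when the Web Client/API is exposed to untrusted users`. The same default changes in the `sftpgo.json` hunk; `Init()` begins and ends outside this hunk.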
diff --git a/internal/httpd/httpd_test.go b/internal/httpd/httpd_test.go
index ee5de9a1..6a5aacd7 100644
--- a/internal/httpd/httpd_test.go
+++ b/internal/httpd/httpd_test.go
@@ -313,6 +313,7 @@ func TestMain(m *testing.M) {
 os.Setenv("SFTPGO_DEFAULT_ADMIN_PASSWORD", "password")
 os.Setenv("SFTPGO_HTTPD__BINDINGS__0__WEB_CLIENT_INTEGRATIONS__0__URL", "http://127.0.0.1/test.html")
 os.Setenv("SFTPGO_HTTPD__BINDINGS__0__WEB_CLIENT_INTEGRATIONS__0__FILE_EXTENSIONS", ".pdf,.txt")
+ os.Setenv("SFTPGO_HTTPD__MAX_UPLOAD_FILE_SIZE", "1048576000")
 err := config.LoadConfig(configDir, "")
 if err != nil {
 logger.WarnToConsole("error loading configuration: %v", err)
diff --git a/sftpgo.json b/sftpgo.json
index 1be81480..d9ae000d 100644
--- a/sftpgo.json
+++ b/sftpgo.json
@@ -336,7 +336,7 @@
 "ca_revocation_lists": [],
 "signing_passphrase": "",
 "token_validation": 0,
- "max_upload_file_size": 1048576000,
+ "max_upload_file_size": 0,
 "cors": {
 "enabled": false,
 "allowed_origins": [],
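Review bot: The added `os.Setenv("SFTPGO_HTTPD__MAX_UPLOAD_FILE_SIZE", "1048576000")` in `TestMain` pins the whole suite to the old cap without saying why, and nothing visible in this hunk exercises the new default of `0`. A short comment above the line would help the next maintainer, e.g. `// the default is now 0 (no limit); keep the previous cap for this suite`. If no test elsewhere covers the unlimited path, a case that loads the configuration without this variable and asserts the resulting default would catch an accidental change to the sentinel. `TestMain` continues outside the hunk.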