increase max headers to 64 to cope with modern browsers + proxy combinations

This is mostly a "do not allow infinity headers" limit in the sense
of "it's good to have limits". With modern browsers and users behind
proxies we may actually get over 30 headers, so increase it for now
to 64 - hopefully enough for another decade ;)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Reported-by: Victor Hooi <victorhooi@yahoo.com>

diff --git a/PVE/APIServer/AnyEvent.pm b/PVE/APIServer/AnyEvent.pm
index efb81687f9b8b62a663875c7232f5ad7b584861a..c55da7f7b4eb60859c6966dbdeb6d9211eed2bfd 100644 (file)
--- a/PVE/APIServer/AnyEvent.pm
+++ b/PVE/APIServer/AnyEvent.pm
@@ -46,7 +46,7 @@ use HTTP::Response;
 use Data::Dumper;
 use JSON;
 
-my $limit_max_headers = 30;
+my $limit_max_headers = 64;
 my $limit_max_header_size = 8*1024;
 my $limit_max_post = 64*1024;
 
@@ -1184,7 +1184,7 @@ sub unshift_read_header {
        eval {
            # print "$$: got header: $line\n" if $self->{debug};
 
-           die "to many http header lines\n" if ++$state->{count} >= $limit_max_headers;
+           die "too many http header lines (> $limit_max_headers)\n" if ++$state->{count} >= $limit_max_headers;
            die "http header too large\n" if ($state->{size} += length($line)) >= $limit_max_header_size;
 
            my $r = $reqstate->{request};