undefined | Better HN

0 pointsmeindnoch1y ago0 comments

>I mean, the client device can also send zip bombs

A GET request doesn't have a body. There's nothing to gzip.

0 comments

mrtksn1y ago

What if they send a POST request?

chgs1y ago

Most servers will limit posts to a fairly low size by default.

mrtksn1y ago

Yes but the idea behind zip bombs that they appear to be very small, when expanded it can be extremely large. Before attempting to decompress, the POST request may appear something like 20kb and end up being 20gb.

1 more reply

meindnochOP1y ago

You close the socket as soon as you see "POST" and there's no POST handler registered.

mrtksn1y ago

what if you accept post for legit reasons?

1 more reply

neallindsay1y ago

GET requests usually don't have a body, but they can.

j / k navigate · click thread line to collapse

0 pointsmeindnoch1y ago0 comments

>I mean, the client device can also send zip bombs

A GET request doesn't have a body. There's nothing to gzip.

0 comments

mrtksn1y ago

What if they send a POST request?

chgs1y ago

Most servers will limit posts to a fairly low size by default.

mrtksn1y ago

1 more reply

meindnochOP1y ago

You close the socket as soon as you see "POST" and there's no POST handler registered.

mrtksn1y ago

what if you accept post for legit reasons?

1 more reply

neallindsay1y ago

GET requests usually don't have a body, but they can.

j / k navigate · click thread line to collapse