Skip to content

Commit

Permalink
Add ReadHeaderTimeout for security
Browse files Browse the repository at this point in the history
Closes #821

Signed-off-by: Doug Davis <dug@microsoft.com>
  • Loading branch information
Doug Davis committed Dec 9, 2022
1 parent 2298be0 commit efab88d
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 2 deletions.
2 changes: 2 additions & 0 deletions v2/protocol/http/abuse_protection.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
"net/http"
"strconv"
"strings"
"time"
)

type WebhookConfig struct {
Expand All @@ -23,6 +24,7 @@ type WebhookConfig struct {

const (
DefaultAllowedRate = 1000
DefaultTimeout = time.Second * 600
)

// TODO: implement rate limiting.
Expand Down
6 changes: 4 additions & 2 deletions v2/protocol/http/protocol_lifecycle.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,10 @@ func (p *Protocol) OpenInbound(ctx context.Context) error {
}

p.server = &http.Server{
Addr: listener.Addr().String(),
Handler: attachMiddleware(p.Handler, p.middleware),
Addr: listener.Addr().String(),
Handler: attachMiddleware(p.Handler, p.middleware),
ReadTimeout: DefaultTimeout,
WriteTimeout: DefaultTimeout,
}

// Shutdown
Expand Down

0 comments on commit efab88d

Please sign in to comment.