Skip to content

Return 413 Content Too Large for oversized response bodies #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
Copilot wants to merge 7 commits into
base: feature/better-middleware
Choose a base branch
from
Draft

Return 413 Content Too Large for oversized response bodies #5

Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
dffed66
Initial plan
Copilot Dec 23, 2025
095c4a3
Return 413 Content Too Large when response exceeds MaxBodyBytes
Copilot Dec 23, 2025
2cd596b
Fix terminology: use "Content Too Large" consistently
Copilot Dec 23, 2025
2c9461b
Make error message more descriptive: "response body too large"
Copilot Dec 23, 2025
8cba6c9
Make error message more descriptive: "response body too large"
Copilot Dec 23, 2025
dfa8163
Merge branch 'copilot/sub-pr-2' of https://github.com/calypr/drs-serv…
Copilot Dec 23, 2025
a8cc920
Restore internal/apigen files that were accidentally deleted
Copilot Dec 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 7 additions & 13 deletions cmd/server/middleware/openapi_response_validator.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,21 +87,15 @@ func NewOpenAPIResponseValidator(cfg ResponseValidatorConfig) gin.HandlerFunc {
return
}

// If response too large to buffer, decide policy
// If response too large to buffer, return 413 Content Too Large
if bw.tooLarge {
msg := fmt.Sprintf("response body exceeded max buffer (%d bytes); skipping OpenAPI response validation", cfg.MaxBodyBytes)
if cfg.Mode == ResponseValidationEnforce {
// In enforce mode, safest is to fail closed *before committing*.
// We can still send a 500 because we haven’t committed yet.
c.Writer = bw.underlying // restore
c.Status(http.StatusInternalServerError)
c.Header("Content-Type", "application/json")
c.Writer.Write([]byte(fmt.Sprintf(`{"error":"openapi response validation failed","detail":%q}`, msg)))
return
}
// audit mode: commit and log
msg := fmt.Sprintf("response body exceeded max buffer (%d bytes)", cfg.MaxBodyBytes)
logOpenAPIResponseIssue(c, cfg, msg, status, bw.header, bw.body.Bytes())
_ = bw.commit()
// Return 413 Content Too Large instead of committing truncated response
c.Writer = bw.underlying // restore
c.Status(http.StatusRequestEntityTooLarge) // 413
c.Header("Content-Type", "application/json")
c.Writer.Write([]byte(fmt.Sprintf(`{"error":"response body too large","detail":%q}`, msg)))
return
}

Expand Down