go-ethereum/graphql
Minh Vu c782197d48
graphql: limit request body size (#35034)
Fixes #35033

## Problem

The GraphQL HTTP handler decoded request bodies directly before
executing the query. Unlike the JSON-RPC HTTP path, `/graphql` did not
have an explicit request body limit before JSON decoding.

A single `Decode` also stops after the first JSON value, so the handler
now requires EOF after the GraphQL request object to ensure oversized
trailing request data is not ignored.

## Changes

- Limit GraphQL request bodies to 5 MiB, matching the existing JSON-RPC
default body limit.
- Return `413 Request Entity Too Large` when the limit is exceeded.
- Require EOF after the request JSON object.
- Add regression coverage for oversized query bodies and oversized
trailing request data.
- Fix an existing GraphQL test fixture that had an unintended trailing
quote after the JSON object.

## Validation

- `gofmt -w graphql/service.go graphql/graphql_test.go`
- `go run golang.org/x/tools/cmd/goimports@latest -w graphql/service.go
graphql/graphql_test.go`
- `go test ./graphql -run TestGraphQLHTTPBodyLimit -count=1`
- `go test ./graphql -count=1`
2026-05-27 12:53:34 +02:00
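The two checks the commit message describes, a body cap answered with 413 and required EOF after the first JSON value, shown as an added example; this is not go-ethereum's code. Enforcing the cap with the standard library's `http.MaxBytesReader` is an assumption, and `gqlRequest`, `statusFor`, `decodeStrict` and `post` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"errors"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// gqlRequest is a hypothetical stand-in for the GraphQL request object.
type gqlRequest struct{ Query string `json:"query"` }

// statusFor maps a decode error to 413 (cap hit) or 400 (malformed JSON).
func statusFor(err error) int {
	var tooBig *http.MaxBytesError
	if errors.As(err, &tooBig) {
		return http.StatusRequestEntityTooLarge
	}
	return http.StatusBadRequest
}

// decodeStrict reads exactly one JSON value from a size-capped body.
func decodeStrict(w http.ResponseWriter, r *http.Request, limit int64) (gqlRequest, int) {
	var req gqlRequest
	dec := json.NewDecoder(http.MaxBytesReader(w, r.Body, limit))
	if err := dec.Decode(&req); err != nil {
		return req, statusFor(err)
	}
	// Decode stops after the first value, so bytes behind it are never read
	// or counted. A second Decode must report io.EOF, nothing else.
	var extra json.RawMessage
	if err := dec.Decode(&extra); err == nil {
		return req, http.StatusBadRequest // a second JSON value followed
	} else if err != io.EOF {
		return req, statusFor(err)
	}
	return req, http.StatusOK
}

// post runs decodeStrict over a constructed in-memory request.
func post(body string, limit int64) int {
	r := httptest.NewRequest(http.MethodPost, "/graphql", strings.NewReader(body))
	_, code := decodeStrict(httptest.NewRecorder(), r, limit)
	return code
}

func main() { println(post(`{"query":"{block{number}}"}`, 5<<20)) } // 5 MiB cap
```

A stray trailing quote after the object, like the one the commit removed from a test fixture, is rejected with 400 by the EOF check, while trailing padding that runs past the cap surfaces as 413 on the second `Decode`.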
..
internal/graphiql all: update license comments and AUTHORS (#31133) 2025-02-05 23:01:17 +01:00
graphiql.go graphql: upgrade UI to v2 (#27294) 2023-05-22 08:15:05 -04:00
graphql.go graphql: end == 0 and begin > 0 should be reject (#35032) 2026-05-26 14:21:07 +02:00
graphql_test.go graphql: limit request body size (#35034) 2026-05-27 12:53:34 +02:00
schema.go internal/ethapi: remove td field from block (#30386) 2024-10-01 11:36:56 +02:00
service.go graphql: limit request body size (#35034) 2026-05-27 12:53:34 +02:00