From 590795f592a8c210ccebf7a81a80816f6a415d96 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak
Date: Sat, 27 Dec 2025 10:11:22 -0700
Subject: [PATCH] fix: don't use attachment size as max memory for ParseMultipart

---
 services/context/api.go | 8 --------
 services/context/context.go | 8 --------
 2 files changed, 16 deletions(-)

diff --git a/services/context/api.go b/services/context/api.go
index 19e0c04911..be8d5ae724 100644
--- a/services/context/api.go
+++ b/services/context/api.go
@@ -289,14 +289,6 @@ func APIContexter() func(http.Handler) http.Handler {
 ctx.AppendContextValue(apiContextKey, ctx)
 ctx.AppendContextValueFunc(gitrepo.RepositoryContextKey, func() any { return ctx.Repo.GitRepo })
- // If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.
- if ctx.Req.Method == "POST" && strings.Contains(ctx.Req.Header.Get("Content-Type"), "multipart/form-data") {
- if err := ctx.Req.ParseMultipartForm(setting.Attachment.MaxSize << 20); err != nil && !strings.Contains(err.Error(), "EOF") { // 32MB max size
- ctx.InternalServerError(err)
- return
- }
- }
-
 httpcache.SetCacheControlInHeader(ctx.Resp.Header(), 0, "no-transform")
 ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
diff --git a/services/context/context.go b/services/context/context.go
index 728a955692..c8a3a71a2e 100644
--- a/services/context/context.go
+++ b/services/context/context.go
@@ -173,14 +173,6 @@ func Contexter() func(next http.Handler) http.Handler {
 }
 })
- // If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.
- if ctx.Req.Method == "POST" && strings.Contains(ctx.Req.Header.Get("Content-Type"), "multipart/form-data") {
- if err := ctx.Req.ParseMultipartForm(setting.Attachment.MaxSize << 20); err != nil && !strings.Contains(err.Error(), "EOF") { // 32MB max size
- ctx.ServerError("ParseMultipartForm", err)
- return
- }
- }
-
 httpcache.SetCacheControlInHeader(ctx.Resp.Header(), 0, "no-transform")
 ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)