On 3/24/22 19:11, Alan de Freitas via Boost wrote:
Hi!
We're deciding on the max size for URLs in our Boost.URL proposal. The spec doesn't suggest a limit but the reasonable trade-off https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-u... is:
- 2^16 chars: More than all browsers, servers, and search engines support (~2000 chars). More than the HTTP minimum of 8000 octets. - 2^32 chars: "414 Too long request" in practice everywhere. Maybe supports experiments using URLs as a container for something else.
Any suggestions?
I'd prefer 2^16, especially if it allows to reduce the URI object size (meaning the object itself, irrespective of the URI string body). Excessive limits on the URI size may be a source of resource exhaustion vulnerabilities when the URI is obtained from an external source.