Deployment-Härtung + Podman-Container
- http.Server mit Timeouts (Slowloris) und Graceful Shutdown (SIGTERM) - Adresse und DB-Pfad per Env (KVER_ADDR, KVER_DB) - Security-Header global: nosniff, X-Frame-Options, Referrer-Policy, CSP - Upload-Requests hart auf 17 MB gedeckelt (MaxBytesReader statt nur Multipart-Speichergrenze) - Indizes für Feed-, Thread- und Vote-Queries - middleware.RealIP für Logging/Rate-Limit hinter dem Reverse-Proxy - Containerfile (Multi-Stage, Alpine, non-root) + Deploy-Doku in notes/ Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -128,6 +128,9 @@ func handleUserRename(w http.ResponseWriter, r *http.Request) {
|
||||
func handleSetAvatar(w http.ResponseWriter, r *http.Request) {
|
||||
uid := uidFromContext(r.Context())
|
||||
|
||||
// Wie bei handleCreateEntry: Request-Größe hart deckeln, bevor Multipart
|
||||
// in Temp-Dateien streamen darf.
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxUploadBytes)
|
||||
if err := r.ParseMultipartForm(16 << 20); err != nil {
|
||||
writeError(w, http.StatusBadRequest, "Ungültige Anfrage")
|
||||
return
|
||||
|
||||
Reference in New Issue
Block a user