Posted about 10 years ago.

Rack dies when parsing large forms

  • Rack has a limit for how many form parameters it will parse.
  • This limit is 65536 by default.
  • There is a bug in Rack that will incorrectly count the number of input fields in nested forms. In my case a form with 1326 input fields was enough to break the default limit.
  • If Rack thinks your request is too large, the request will fail with a low-level Ruby message like "undefined method `bytesize' for #" or with the standard Rails error box.
  • You will not get an exception notification per e-mail or Airbrake.

Why?

Rack has introduced this limit to prevent your server from being DOSed through large form submissions. The default value should also be enough for anyone if Rack counted nested params correctly.

Fixes

This seems to be fixed in newer versions of Rack, so you might be able to fix it by upgrading Rack.

You can also increase the limit by a reasonable amount by adding this to your environment.rb, application.rb or an initializer:

    if Rack::Utils.respond_to?("key_space_limit=")
      Rack::Utils.key_space_limit = 262144 # 4 times the default size
    end
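To pick a "reasonable amount" rather than guessing, you can measure how many bytes of parameter names your largest legitimate form submits. The following is an added example, not code from this card or from Rack. It assumes a simplified accounting in which each field is charged the byte length of its full decoded name (not Rack's own counting, which this card describes as buggy for nested forms). The helper names and the sample field names are constructed.

```ruby
require "uri"

DEFAULT_KEY_SPACE_LIMIT = 65_536 # Rack's default, as stated on this card

# Sum the bytes used by parameter names in a urlencoded body, grouped by the
# top-level key, so the form that consumes most of the budget is visible.
# Assumption: every field is charged the bytesize of its full decoded name.
def key_bytes_by_root(body)
  totals = Hash.new(0)
  URI.decode_www_form(body).each do |name, _value|
    root = name[/\A[^\[]+/] || name
    totals[root] += name.bytesize
  end
  totals
end

# Report the total key bytes, whether they fit the limit, and the smallest
# doubling of the limit that still leaves the requested headroom factor.
def key_space_report(body, limit: DEFAULT_KEY_SPACE_LIMIT, headroom: 2)
  by_root = key_bytes_by_root(body)
  total = by_root.values.sum
  suggested = limit
  suggested *= 2 while suggested < total * headroom
  { total: total, fits: total <= limit, by_root: by_root, suggested_limit: suggested }
end

# Constructed sample: a nested form with 1326 inputs (221 rows x 6 attributes),
# matching the field count mentioned on this card.
def sample_body
  fields = (0...221).flat_map do |i|
    %w[product_id quantity unit_price discount tax_rate note].map do |attr|
      ["order[line_items_attributes][#{i}][#{attr}]", "x"]
    end
  end
  URI.encode_www_form(fields)
end

if __FILE__ == $PROGRAM_NAME
  report = key_space_report(sample_body)
  puts "key bytes: #{report[:total]} (fits default: #{report[:fits]})"
  puts "per top-level key: #{report[:by_root]}"
  puts "suggested limit: #{report[:suggested_limit]}"
end
```

Run it against a captured body of your real form to see how much headroom a given limit leaves before raising the DoS guard further than you need.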

Posted by Henning Koch to makandra dev