Skip to content

[Blazor] Relax size limits on Server sourced payloads #63693

@javiercn

Description

@javiercn
  • Currently Blazor Server has a hard limit based on the SignalR message size, as all payloads are required to fit in there, which is present for security reasons.
  • For some framework specific payloads that are generated within the server, we don't have to rely on the SignalR message size and can instead chunk larger payloads into multiple "chained" links that then we reconstruct on the server before processing.
  • The main requirement for these "chained" payloads is that the server must be responsible for generating them and that we need to require clients sending all the parts in a given amount of time to avoid incurring in trickle attacks.
  • The idea here is to generate a list of "blocks" that we "chain" via a "sequence number" and that we require the client to deliver in the same order and at a given minimum rate.
  • We could extend this system to support certain "untrusted" inputs by requiring the consumer (the server) to specify an explicit limit.

This would cover issues like:

Metadata

Metadata

Assignees

No one assigned

    Labels

    area-blazorIncludes: Blazor, Razor Components

    Type

    No type

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions