include::../description.adoc[] include::../ask-yourself.adoc[] include::../recommended.adoc[] == Sensitive Code Example ---- using Microsoft.AspNetCore.Mvc; public class MyController : Controller { [HttpPost] [DisableRequestSizeLimit] // Sensitive: No size limit [RequestSizeLimit(10000000)] // Sensitive: 10MB is more than the recommended limit of 8MB public IActionResult PostRequest(Model model) { // ... } [HttpPost] [RequestFormLimits(MultipartBodyLengthLimit = 8000000)] // Sensitive: 10MB is more than the recommended limit of 8MB public IActionResult MultipartFormRequest(Model model) { // ... } } ---- In Web.config: ---- ---- == Compliant Solution ---- using Microsoft.AspNetCore.Mvc; public class MyController : Controller { [HttpPost] [RequestSizeLimit(8000000)] // Compliant: 8MB public IActionResult PostRequest(Model model) { // ... } [HttpPost] [RequestFormLimits(MultipartBodyLengthLimit = 8000000)] // Compliant: 8MB public IActionResult MultipartFormRequest(Model model) { // ... } } ---- In Web.config: ---- ---- include::../see.adoc[] * https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/web-config[Web.config] - XML-formatted config file for IIS applications ifdef::env-github,rspecator-view[] ''' == Implementation Specification (visible only on this page) include::../message.adoc[] include::parameters.adoc[] ''' == Comments And Links (visible only on this page) include::../comments-and-links.adoc[] endif::env-github,rspecator-view[]