通过socket.io craskes crashes服务器发送消息
server > RangeError: Array buffer allocation failed │
server > at Buffer.Uint8Array (native) │
server > at FastBuffer (buffer.js:12:5) │
server > at createUnsafeBuffer (buffer.js:39:12) │
server > at arrayBufferToBuffer (/home/htdocs/socket/server/ │
node_modules/engine.io-parser/lib/index.js:371:16) │
server > at Object.exports.decodePacket (/home/htdocs/socket │
/server/node_modules/engine.io-parser/lib/index.js:159:12) │
server > at WebSocket.Transport.onData (/home/htdocs/socket/ │
server/node_modules/engine.io/lib/transport.js:116:24) │
server > at WebSocket.onData (/home/htdocs/socket/server/nod │
e_modules/engine.io/lib/transports/websocket.js:79:30) │
server > at onServerMessage (/home/htdocs/socket/server/node │
_modules/uws/uws.js:18:15)
因此,它是我的应用程序的"打开"漏洞,因为客户端写入JavaScript上的客户端,并且用户可以轻松地修改它,并且可以以某种方式禁用接受大型请求node.js是否可以轻松地修改它。/socket.io side?
nginx用于负载平衡,因此也许可以配置nginx以使大型请求无效
通过传递maxhttpbuffersize(WS中的maxpayload(参数(在字节中(
来解决const io = require('socket.io')(port, {
'maxHttpBufferSize': 1000000
});
如果DOS或太大文件,套接字将与服务器断开,服务器将继续工作正常。