Viewed   66 times

Sorry if this is duplicate,I would think it would be but couldn't find anything.

I have a flex application that I am posting data back to a php/mysql server via IE. I haven't run into any problems yet, but knowing this ahead of time might save me a bunch of frustration and work. Is there a size limit to posting data via http?

This article says no:

This discussion says yes:

And it all goes back and forth what I'm able to find online. So please limit answers to personally tested/verified numbers.

I am wanting to post back an XML string that can be quite large (say up to 5mb).

If it makes any difference: browser will always be IE (our product requires it), post is coming from and httpService in flex, web server is php, DB is mySql.



It depends on a server configuration. If you're working with PHP under Linux or similar, you can control it using .htaccess configuration file, like so:

#set max post size
php_value post_max_size 20M

And, yes, I can personally attest to the fact that this works :)

If you're using IIS, I don't have any idea how you'd set this particular value.

Saturday, August 13, 2022

Citing MDN on this:

Length limitations

Although Mozilla supports data URIs of essentially unlimited length, browsers are not required to support any particular maximum length of data. For example, the Opera 11 browser limits data URIs to around 65000 characters.

And, where you can also look up the support across browsers:

Support in Internet Explorer 8 is limited to images and linked resources like CSS files, not HTML files. Max URI length in IE8 is 32KB. In IE9 JavaScript files are supported too and the maximum size limit set to 4GB.

Tuesday, September 6, 2022

You may want to use a different mechanism anyway. Referrers are easily spoofed. Checking referrers really isn't a good security solution, and if they're going to cause you headaches like this, maybe you want to find another way.

For example, the server generating the first page could add an authorization token to the URLs to the second server, and the second server could check that the tokens are valid. This way, all of the details are under your control, and the only browser behavior you're counting on is that the full URL is sent to the second server.

Saturday, August 13, 2022

In PL/SQL procedure it may be up to 32KB

Futher information here:

Wednesday, November 23, 2022

The construct was removed as a security feature. Storing passwords in plain text is a bad idea to start with, and this form of the url was a frequently used attack vector for phishing attacks. The article you link to lists some work-arounds... can you not just prompt the user to enter a password?

If you give a little more details about what you're doing, it's possible a better solution may be found.

Monday, September 12, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :