Throw BadHttpRequestException when decompressed data exceeds request body size limit (#61812)

feiyun0112 · web-flow · commit 7e446c6adb9a · 2025-05-12T18:29:36.000Z
diff --git a/src/Middleware/RequestDecompression/src/RequestDecompressionMiddleware.cs b/src/Middleware/RequestDecompression/src/RequestDecompressionMiddleware.cs
@@ -62,7 +62,9 @@ private async Task InvokeCore(HttpContext context, Stream decompressionStream)
                 context.GetEndpoint()?.Metadata?.GetMetadata<IRequestSizeLimitMetadata>()?.MaxRequestBodySize
                     ?? context.Features.Get<IHttpMaxRequestBodySizeFeature>()?.MaxRequestBodySize;
 
-            context.Request.Body = new SizeLimitedStream(decompressionStream, sizeLimit);
+            context.Request.Body = new SizeLimitedStream(decompressionStream, sizeLimit, static (long sizeLimit) => throw new BadHttpRequestException(
+                    $"The decompressed request body is larger than the request body size limit {sizeLimit}.",
+                    StatusCodes.Status413PayloadTooLarge));
             await _next(context);
         }
         finally
diff --git a/src/Middleware/RequestDecompression/test/RequestDecompressionMiddlewareTests.cs b/src/Middleware/RequestDecompression/test/RequestDecompressionMiddlewareTests.cs
@@ -499,8 +499,8 @@ public async Task Endpoint_HasRequestSizeLimit_UsedForRequest(bool exceedsLimit)
         if (exceedsLimit)
         {
             Assert.NotNull(exception);
-            Assert.IsAssignableFrom<InvalidOperationException>(exception);
-            Assert.Equal("The maximum number of bytes have been read.", exception.Message);
+            Assert.IsAssignableFrom<BadHttpRequestException>(exception);
+            Assert.Equal(StatusCodes.Status413PayloadTooLarge, ((BadHttpRequestException)exception).StatusCode);
         }
         else
         {
@@ -583,8 +583,8 @@ public async Task Feature_HasRequestSizeLimit_UsedForRequest(bool exceedsLimit)
         if (exceedsLimit)
         {
             Assert.NotNull(exception);
-            Assert.IsAssignableFrom<InvalidOperationException>(exception);
-            Assert.Equal("The maximum number of bytes have been read.", exception.Message);
+            Assert.IsAssignableFrom<BadHttpRequestException>(exception);
+            Assert.Equal(StatusCodes.Status413PayloadTooLarge, ((BadHttpRequestException)exception).StatusCode);
         }
         else
         {
diff --git a/src/Shared/SizeLimitedStream.cs b/src/Shared/SizeLimitedStream.cs
@@ -1,19 +1,22 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+#nullable enable
+
 internal sealed class SizeLimitedStream : Stream
 {
     private readonly Stream _innerStream;
     private readonly long? _sizeLimit;
-
+    private readonly Action<long>? _handleSizeLimit;
     private long _totalBytesRead;
 
-    public SizeLimitedStream(Stream innerStream, long? sizeLimit)
+    public SizeLimitedStream(Stream innerStream, long? sizeLimit, Action<long>? handleSizeLimit = null)
     {
         ArgumentNullException.ThrowIfNull(innerStream);
 
         _innerStream = innerStream;
         _sizeLimit = sizeLimit;
+        _handleSizeLimit = handleSizeLimit;
     }
 
     public override bool CanRead => _innerStream.CanRead;
@@ -48,7 +51,14 @@ public override int Read(byte[] buffer, int offset, int count)
         _totalBytesRead += bytesRead;
         if (_totalBytesRead > _sizeLimit)
         {
-            throw new InvalidOperationException("The maximum number of bytes have been read.");
+            if (_handleSizeLimit != null)
+            {
+                _handleSizeLimit(_sizeLimit.Value);
+            }
+            else
+            {
+                throw new InvalidOperationException("The maximum number of bytes have been read.");
+            }
         }
 
         return bytesRead;
@@ -81,7 +91,14 @@ public override async ValueTask<int> ReadAsync(Memory<byte> buffer, Cancellation
         _totalBytesRead += bytesRead;
         if (_totalBytesRead > _sizeLimit)
         {
-            throw new InvalidOperationException("The maximum number of bytes have been read.");
+            if (_handleSizeLimit != null)
+            {
+                _handleSizeLimit(_sizeLimit.Value);
+            }
+            else
+            {
+                throw new InvalidOperationException("The maximum number of bytes have been read.");
+            }
         }
 
         return bytesRead;

Original file line number	Diff line number	Diff line change
`@@ -499,8 +499,8 @@ public async Task Endpoint_HasRequestSizeLimit_UsedForRequest(bool exceedsLimit)`
`499`	`499`	`if (exceedsLimit)`
`500`	`500`	`{`
`501`	`501`	`Assert.NotNull(exception);`
`502`		`- Assert.IsAssignableFrom<InvalidOperationException>(exception);`
`503`		`- Assert.Equal("The maximum number of bytes have been read.", exception.Message);`
	`502`	`+ Assert.IsAssignableFrom<BadHttpRequestException>(exception);`
	`503`	`+ Assert.Equal(StatusCodes.Status413PayloadTooLarge, ((BadHttpRequestException)exception).StatusCode);`
`504`	`504`	`}`
`505`	`505`	`else`
`506`	`506`	`{`
`@@ -583,8 +583,8 @@ public async Task Feature_HasRequestSizeLimit_UsedForRequest(bool exceedsLimit)`
`583`	`583`	`if (exceedsLimit)`
`584`	`584`	`{`
`585`	`585`	`Assert.NotNull(exception);`
`586`		`- Assert.IsAssignableFrom<InvalidOperationException>(exception);`
`587`		`- Assert.Equal("The maximum number of bytes have been read.", exception.Message);`
	`586`	`+ Assert.IsAssignableFrom<BadHttpRequestException>(exception);`
	`587`	`+ Assert.Equal(StatusCodes.Status413PayloadTooLarge, ((BadHttpRequestException)exception).StatusCode);`
`588`	`588`	`}`
`589`	`589`	`else`
`590`	`590`	`{`