search

sveltejs / kit

web development, streamlined
https://kit.svelte.dev
MIT License
18.59k stars 1.92k forks source link

adapter-node: file uploads > 512KB are broken #7758

Closed rburgst closed 1 year ago

rburgst commented 1 year ago

Describe the bug

It is not possible to upload images of 2MB or larger (probably even larger than 512KB) even when setting BODY_SIZE_LIMIT=10000000.

Reproduction

https://github.com/rburgst/test-sveltekit-large-upload

To reproduce

  1. pnpm install
  2. pnpm build
  3. pnpm serve
  4. open the browser at http://localhost:3000/
  5. upload an image between 3 and 9 MB, e.g. https://unsplash.com/photos/3wZn6OsNBnM (large resolution)

Expected

you should see log output in the console of the server stating that the file is being saved to /tmp/upload.jpg.

Actual

console shows nothing and server just sits there hanging. The POST in the browser never completes.

Logs

N/A

System Info

System:
    OS: macOS 13.0
    CPU: (10) arm64 Apple M1 Pro
    Memory: 70.45 MB / 32.00 GB
    Shell: 5.8.1 - /bin/zsh
  Binaries:
    Node: 16.17.0 - ~/.volta/tools/image/node/16.17.0/bin/node
    Yarn: 1.22.18 - ~/.volta/tools/image/yarn/1.22.18/bin/yarn
    npm: 8.19.2 - ~/.volta/tools/image/npm/8.19.2/bin/npm
  Browsers:
    Brave Browser: 107.1.45.123
    Chrome: 107.0.5304.110
    Firefox: 106.0.5
    Safari: 16.1
  npmPackages:
    @sveltejs/adapter-auto: next => 1.0.0-next.89 
    @sveltejs/adapter-node: 1.0.0-next.101 => 1.0.0-next.101 
    @sveltejs/kit: next => 1.0.0-next.556 
    svelte: ^3.44.0 => 3.53.1 
    vite: ^3.1.0 => 3.2.4

Severity

blocking an upgrade

Additional Information

No response

repsac-by commented 1 year ago

I can't reproduce.

The POST in the browser never completes.

What kind of error do you see?

In beside BODY_SIZE_LIMIT you also need to specify ORIGIN

rburgst commented 1 year ago

What kind of error do you see?

grafik

The browser request just hangs in there in "(pending)" state and never completes (at least not within a minute). Nothing is shown in the server log.

In beside BODY_SIZE_LIMIT you also need to specify ORIGIN

Hmm, when setting ORIGIN=http://localhost:3000 it works

"scripts": {
... 
        "serve": "ORIGIN=http://localhost:3000 BODY_SIZE_LIMIT=10000000 node build/index.js",
}

That doesnt really make too much sense to me why it would hang if I dont set the origin. Why would that have an impact on file uploads in particular?

repsac-by commented 1 year ago

That doesnt really make too much sense to me why it would hang if I dont set the origin. Why would that have an impact on file uploads in particular?

This affects sending forms with the POST method because ORIGIN is used to check the CSRF

repsac-by commented 1 year ago

The browser request just hangs in there in "(pending)" state and never completes (at least not within a minute).

Weird because in my case appears 403: Cross-site POST form submissions are forbidden

dummdidumm commented 1 year ago

Thank you @repsac-by for digging into this - closing as there's no error on SvelteKit's side here. If there's a reason within SvelteKit why this hangs for @rburgst we can fix that separately.

rburgst commented 1 year ago

I asked my colleague to test it and also he can replicate the hang in the browser. Are you sure you are running pnpm serve (without the ORIGIN env var)? IMHO this is definitely a bug as it should produce some kind of response and not just hang.

rburgst commented 1 year ago

note that you get the error if you use pnpm dev (but then you are not using the node adapter)

rburgst commented 1 year ago

@repsac-by @dummdidumm can you please check? IMHO the server will simply stall if ORIGIN is not set

dummdidumm commented 1 year ago

Can't reproduce this, I'm on windows and I'm running this command: "serve": "set BODY_SIZE_LIMIT=1 && node build/index.js" (size limit to a minimum so I can use any file to trigger the "too large" error). I get a 413 as expected.

rburgst commented 1 year ago

@dummdidumm I fear that all you have established is that the problem does not happen in situations with small files. I am fairly certain that it would have been found and fixed already if it was so easy to replicate. Also for me it does not happen with trivially small files. Please use the image that is referenced in the readme and use the original settings in the repo and I am certain you will be able to replicate it.

My gut tells me that everything will work fine so long as there is only a single chunk. So you have to use larger files (as also indicated in the issue title).

dummdidumm commented 1 year ago

Still can't reproduce, I get "Cross-site POST form submissions are forbidden" instantly.

rburgst commented 1 year ago

that is indeed very odd. My colleague and me both are able to produce it but we are both on macs.

dominikg commented 1 year ago

can't reproduce either, linux, node18. which browser are you using and what's the exact origin in the url bar?

rburgst commented 1 year ago

this is indeed very odd. I have a colleague on windows and he cannot reproduce the problem either.

My setup

grafik

As you can see in the screenshot my server handler function is not being hit. Instead this screenshot was made 60s after pushing the submit button.