From 1bf74c7d32ef6dfb29ba53d641feb8a0b7a390be Mon Sep 17 00:00:00 2001
From: John Eskew <jeskew@edx.org>
Date: Wed, 15 Nov 2017 14:16:10 -0500
Subject: [PATCH] Add disabled request limits implemented in Django 1.11

---
 cms/envs/common.py | 5 +++++
 lms/envs/common.py | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/cms/envs/common.py b/cms/envs/common.py
index f1572e34d07..ee2cd04ca08 100644
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -1241,6 +1241,11 @@ ADVANCED_SECURITY_CONFIG = {}
 SHIBBOLETH_DOMAIN_PREFIX = 'shib:'
 OPENID_DOMAIN_PREFIX = 'openid:'
 
+# Set request limits for maximum size of a request body and maximum number of GET/POST parameters. (>=Django 1.10)
+# Limits are currently disabled - but can be used for finer-grained denial-of-service protection.
+DATA_UPLOAD_MAX_MEMORY_SIZE = None
+DATA_UPLOAD_MAX_NUMBER_FIELDS = None
+
 ### Size of chunks into which asset uploads will be divided
 UPLOAD_CHUNK_SIZE_IN_MB = 10
 
diff --git a/lms/envs/common.py b/lms/envs/common.py
index 64968ad3190..c706042f77c 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -643,6 +643,11 @@ AUTHENTICATION_BACKENDS = ['ratelimitbackend.backends.RateLimitModelBackend']
 STUDENT_FILEUPLOAD_MAX_SIZE = 4 * 1000 * 1000  # 4 MB
 MAX_FILEUPLOADS_PER_INPUT = 20
 
+# Set request limits for maximum size of a request body and maximum number of GET/POST parameters. (>=Django 1.10)
+# Limits are currently disabled - but can be used for finer-grained denial-of-service protection.
+DATA_UPLOAD_MAX_MEMORY_SIZE = None
+DATA_UPLOAD_MAX_NUMBER_FIELDS = None
+
 # Configuration option for when we want to grab server error pages
 STATIC_GRAB = False
 DEV_CONTENT = True
-- 
GitLab