From ee1223b8d31284141a471d8a555b95644714039d Mon Sep 17 00:00:00 2001
From: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Date: Fri, 25 Jun 2021 10:10:24 +1000
Subject: [PATCH] Remove default request size limit for direct uploads (#1406)

* Remove default request size limit - direct upload

* Disable size limit for self-hosted attachments
---
 src/Api/Controllers/CiphersController.cs | 6 ++++++
 src/Api/Controllers/SendsController.cs   | 1 +
 2 files changed, 7 insertions(+)

diff --git a/src/Api/Controllers/CiphersController.cs b/src/Api/Controllers/CiphersController.cs
index 327c9d307d..a7c31f8f9b 100644
--- a/src/Api/Controllers/CiphersController.cs
+++ b/src/Api/Controllers/CiphersController.cs
@@ -622,6 +622,7 @@ namespace Bit.Api.Controllers
         }
 
         [HttpPost("{id}/attachment/{attachmentId}")]
+        [DisableRequestSizeLimit]
         [DisableFormValueModelBinding]
         public async Task PostFileForExistingAttachment(string id, string attachmentId)
         {
@@ -630,6 +631,11 @@ namespace Bit.Api.Controllers
                 throw new BadRequestException("Invalid content.");
             }
 
+            if (!_globalSettings.SelfHosted)
+            {
+                throw new BadRequestException("Invalid endpoint for non self-hosted servers.");
+            }
+
             var userId = _userService.GetProperUserId(User).Value;
             var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
             var attachments = cipher?.GetAttachments();
diff --git a/src/Api/Controllers/SendsController.cs b/src/Api/Controllers/SendsController.cs
index b77716680a..66022e9513 100644
--- a/src/Api/Controllers/SendsController.cs
+++ b/src/Api/Controllers/SendsController.cs
@@ -249,6 +249,7 @@ namespace Bit.Api.Controllers
         }
 
         [HttpPost("{id}/file/{fileId}")]
+        [DisableRequestSizeLimit]
         [DisableFormValueModelBinding]
         public async Task PostFileForExistingSend(string id, string fileId)
         {