CA2262: Set 'MaxResponseHeadersLength' properly
| Property | Value |
|---|---|
| Rule ID | CA2262 |
| Title | Set MaxResponseHeadersLength properly |
| Category | Usage |
| Fix is breaking or non-breaking | Non-breaking |
| Enabled by default in .NET 9 | As suggestion |
Cause
The HttpClientHandler.MaxResponseHeadersLength property is set to a value greater than 128.
Rule description
The HttpClientHandler.MaxResponseHeadersLength property is measured in kilobytes, not bytes. The default maximum length is 64 KB, which should be large enough for a majority of use cases. If you set the property to a value greater than 128 kilobytes, it might be due to a misunderstanding of the units of this property.
How to fix violations
If you intended to set a smaller value, update it to the desired value measured in kilobytes.
Example
HttpClientHandler handler = new()
{
// Violation
MaxResponseHeadersLength = 512
// Fix (it is not possible to specify a limit lower than 1 KB)
MaxResponseHeadersLength = 1
};
Dim handler As New HttpClientHandler With {
' Violation
.MaxResponseHeadersLength = 512
' Fix (it is not possible to specify a limit lower than 1 KB)
.MaxResponseHeadersLength = 1
}
When to suppress errors
It's safe to suppress this warning if the large value is intended.
Collaborate with us on GitHub
The source for this content can be found on GitHub, where you can also create and review issues and pull requests. For more information, see our contributor guide.
