CA2262: Set 'MaxResponseHeadersLength' properly

Property Value
Rule ID CA2262
Title Set MaxResponseHeadersLength properly
Category Usage
Fix is breaking or non-breaking Non-breaking
Enabled by default in .NET 9 As suggestion

Cause

The HttpClientHandler.MaxResponseHeadersLength property is set to a value greater than 128.

Rule description

The HttpClientHandler.MaxResponseHeadersLength property is measured in kilobytes, not bytes. The default maximum length is 64 KB, which should be large enough for a majority of use cases. If you set the property to a value greater than 128 kilobytes, it might be due to a misunderstanding of the units of this property.

How to fix violations

If you intended to set a smaller value, update it to the desired value measured in kilobytes.

Example

HttpClientHandler handler = new()
{
    // Violation
    MaxResponseHeadersLength = 512

    // Fix (it is not possible to specify a limit lower than 1 KB)
    MaxResponseHeadersLength = 1
};

Dim handler As New HttpClientHandler With {
    ' Violation
    .MaxResponseHeadersLength = 512

    ' Fix (it is not possible to specify a limit lower than 1 KB)
    .MaxResponseHeadersLength = 1
}

When to suppress errors

It's safe to suppress this warning if the large value is intended.