Add a middleware to enforce request size limits

[pranavkm]

A couple of limits are enforced by MVC filters. In addition, part of the Request Decompression middleware - #40080 limits specified by RequestSizeLimitAttribute are enforced for compressed requests if the middleware is present (e.g. Content-Encoding: gz), but not for regular requests.

The suggestion is to introduce a new middleware that can enforce request size limits. The middleware's primarily role is to configure existing HTTP features based on the presence of attributes on endpoints. In addition to this, we can have endpoint middleware enforce that the middleware was present if it detects endpoints with size limiting attributes.

• https://github.com/dotnet/aspnetcore/blob/main/src/Mvc/Mvc.Core/src/RequestSizeLimitAttribute.cs
• https://github.com/dotnet/aspnetcore/blob/main/src/Mvc/Mvc.Core/src/RequestFormLimitsAttribute.cs

[pranavkm]

FYI @halter73 / @Tratcher

[Tratcher]

https://github.com/dotnet/aspnetcore/blob/main/src/Mvc/Mvc.Core/src/DisableRequestSizeLimitAttribute.cs

Thanks for contacting us.

We're moving this issue to the .NET 7 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s).
If we later determine, that the issue has no community involvement, or it's very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

Thanks for contacting us.

We're moving this issue to the .NET 8 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s).
If we later determine, that the issue has no community involvement, or it's very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

[Tratcher]

YARP needs this too: dotnet/yarp#640