[8.13] Add `http.payloadTimeout` config option (#177309) (#177574)

# Backport

This will backport the following commits from `main` to `8.13`:
- [Add `http.payloadTimeout` config option
(#177309)](https://github.com/elastic/kibana/pull/177309)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Pierre
Gayvallet","email":"pierre.gayvallet@elastic.co"},"sourceCommit":{"committedDate":"2024-02-22T11:33:49Z","message":"Add
`http.payloadTimeout` config option (#177309)\n\n## Summary\r\n\r\nFix
https://github.com/elastic/kibana/issues/177138\r\n\r\n- Add a
`http.payloadTimeout` configuration option, to control the\r\npayload
timeout\r\n- Set the default value for this option to `20s` (was `10s`
previously)","sha":"38a3b9675d5fd7ab97b9b7a6394df67a4074de01","branchLabelMapping":{"^v8.14.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Feature:http","Team:Core","release_note:skip","v8.13.0","v8.14.0"],"title":"Add
`http.payloadTimeout` config
option","number":177309,"url":"https://github.com/elastic/kibana/pull/177309","mergeCommit":{"message":"Add
`http.payloadTimeout` config option (#177309)\n\n## Summary\r\n\r\nFix
https://github.com/elastic/kibana/issues/177138\r\n\r\n- Add a
`http.payloadTimeout` configuration option, to control the\r\npayload
timeout\r\n- Set the default value for this option to `20s` (was `10s`
previously)","sha":"38a3b9675d5fd7ab97b9b7a6394df67a4074de01"}},"sourceBranch":"main","suggestedTargetBranches":["8.13"],"targetPullRequestStates":[{"branch":"8.13","label":"v8.13.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.14.0","branchLabelMappingKey":"^v8.14.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/177309","number":177309,"mergeCommit":{"message":"Add
`http.payloadTimeout` config option (#177309)\n\n## Summary\r\n\r\nFix
https://github.com/elastic/kibana/issues/177138\r\n\r\n- Add a
`http.payloadTimeout` configuration option, to control the\r\npayload
timeout\r\n- Set the default value for this option to `20s` (was `10s`
previously)","sha":"38a3b9675d5fd7ab97b9b7a6394df67a4074de01"}}]}]
BACKPORT-->

Co-authored-by: Pierre Gayvallet <pierre.gayvallet@elastic.co>

docs/setup/settings.asciidoc

@@ -467,6 +467,11 @@ default is `true`. *Default: `deprecated`*
 The number of milliseconds to wait before closing an
 inactive socket. *Default: `"120000"`*
 
+[[server-payloadTimeout]] `server.payloadTimeout`::
+Sets the maximum time allowed for the client to transmit the request payload (body) before giving up
+and responding with a Request Timeout (408) error response.
+*Default: `"20000"`*
+
 [[server-ssl-cert-key]] `server.ssl.certificate` and `server.ssl.key`::
 Paths to a PEM-encoded X.509 server certificate and its corresponding private key. These
 are used by {kib} to establish trust when receiving inbound SSL/TLS connections from users.

packages/core/http/core-http-server-internal/src/__snapshots__/http_config.test.ts.snap

@@ -73,6 +73,7 @@ Object {
     "valueInBytes": 1048576,
   },
   "name": "kibana-hostname",
+  "payloadTimeout": 20000,
   "port": 5601,
   "requestId": Object {
     "allowFromAnyIp": false,

packages/core/http/core-http-server-internal/src/http_config.test.ts

@@ -349,6 +349,14 @@ test('can specify socket timeouts', () => {
   expect(socketTimeout).toBe(5e5);
 });
 
+test('can specify payload timeouts', () => {
+  const obj = {
+    payloadTimeout: 654321,
+  };
+  const { payloadTimeout } = config.schema.validate(obj);
+  expect(payloadTimeout).toBe(654321);
+});
+
 describe('with compression', () => {
   test('accepts valid referrer whitelist', () => {
     const {

packages/core/http/core-http-server-internal/src/http_config.ts

@@ -26,6 +26,8 @@ import {
 } from './security_response_headers_config';
 import { CdnConfig } from './cdn_config';
 
+const SECOND = 1000;
+
 const validBasePathRegex = /^\/.*[^\/]$/;
 
 const hostURISchema = schema.uri({ scheme: ['http', 'https'] });
@@ -129,10 +131,13 @@ const configSchema = schema.object(
     rewriteBasePath: schema.boolean({ defaultValue: false }),
     ssl: sslSchema,
     keepaliveTimeout: schema.number({
-      defaultValue: 120000,
+      defaultValue: 120 * SECOND,
     }),
     socketTimeout: schema.number({
-      defaultValue: 120000,
+      defaultValue: 120 * SECOND,
+    }),
+    payloadTimeout: schema.number({
+      defaultValue: 20 * SECOND,
     }),
     compression: schema.object({
       enabled: schema.boolean({ defaultValue: true }),
@@ -278,6 +283,7 @@ export class HttpConfig implements IHttpConfig {
   public host: string;
   public keepaliveTimeout: number;
   public socketTimeout: number;
+  public payloadTimeout: number;
   public port: number;
   public cors: {
     enabled: boolean;
@@ -342,6 +348,7 @@ export class HttpConfig implements IHttpConfig {
     this.publicBaseUrl = rawHttpConfig.publicBaseUrl;
     this.keepaliveTimeout = rawHttpConfig.keepaliveTimeout;
     this.socketTimeout = rawHttpConfig.socketTimeout;
+    this.payloadTimeout = rawHttpConfig.payloadTimeout;
     this.rewriteBasePath = rawHttpConfig.rewriteBasePath;
     this.ssl = new SslConfig(rawHttpConfig.ssl || {});
     this.compression = rawHttpConfig.compression;

packages/kbn-cli-dev-mode/src/config/http_config.ts

@@ -30,6 +30,9 @@ export const httpConfigSchema = schema.object(
     socketTimeout: schema.number({
       defaultValue: 120000,
     }),
+    payloadTimeout: schema.number({
+      defaultValue: 20000,
+    }),
     cors: schema.object({
       enabled: schema.boolean({ defaultValue: false }),
       allowCredentials: schema.boolean({ defaultValue: false }),
@@ -53,6 +56,7 @@ export class HttpConfig implements IHttpConfig {
   shutdownTimeout: Duration;
   keepaliveTimeout: number;
   socketTimeout: number;
+  payloadTimeout: number;
   cors: ICorsConfig;
   ssl: ISslConfig;
   restrictInternalApis: boolean;
@@ -64,6 +68,7 @@ export class HttpConfig implements IHttpConfig {
     this.maxPayload = rawConfig.maxPayload;
     this.shutdownTimeout = rawConfig.shutdownTimeout;
     this.keepaliveTimeout = rawConfig.keepaliveTimeout;
+    this.payloadTimeout = rawConfig.payloadTimeout;
     this.socketTimeout = rawConfig.socketTimeout;
     this.cors = rawConfig.cors;
     this.ssl = new SslConfig(rawConfig.ssl);

packages/kbn-cli-dev-mode/src/integration_tests/base_path_proxy_server.test.ts

@@ -39,6 +39,7 @@ describe('BasePathProxyServer', () => {
       shutdownTimeout: moment.duration(30, 'seconds'),
       keepaliveTimeout: 1000,
       socketTimeout: 1000,
+      payloadTimeout: 1000,
       cors: {
         enabled: false,
         allowCredentials: false,

packages/kbn-health-gateway-server/src/server/server_config.test.ts

@@ -19,6 +19,7 @@ describe('server config', () => {
         "maxPayload": ByteSizeValue {
           "valueInBytes": 1048576,
         },
+        "payloadTimeout": 20000,
         "port": 3000,
         "restrictInternalApis": false,
         "shutdownTimeout": "PT30S",

packages/kbn-health-gateway-server/src/server/server_config.ts

@@ -27,6 +27,9 @@ const configSchema = schema.object(
     keepaliveTimeout: schema.number({
       defaultValue: 120000,
     }),
+    payloadTimeout: schema.number({
+      defaultValue: 20000,
+    }),
     shutdownTimeout: schema.duration({
       defaultValue: '30s',
       validate: (duration) => {
@@ -73,6 +76,7 @@ export class ServerConfig implements IHttpConfig {
   keepaliveTimeout: number;
   shutdownTimeout: Duration;
   socketTimeout: number;
+  payloadTimeout: number;
   ssl: ISslConfig;
   cors: ICorsConfig;
   restrictInternalApis: boolean;
@@ -84,6 +88,7 @@ export class ServerConfig implements IHttpConfig {
     this.keepaliveTimeout = rawConfig.keepaliveTimeout;
     this.shutdownTimeout = rawConfig.shutdownTimeout;
     this.socketTimeout = rawConfig.socketTimeout;
+    this.payloadTimeout = rawConfig.payloadTimeout;
     this.ssl = new SslConfig(rawConfig.ssl);
     this.cors = {
       enabled: false,

packages/kbn-server-http-tools/src/get_server_options.test.ts

@@ -25,6 +25,7 @@ const createConfig = (parts: Partial<IHttpConfig>): IHttpConfig => ({
   port: 5601,
   socketTimeout: 120000,
   keepaliveTimeout: 120000,
+  payloadTimeout: 20000,
   shutdownTimeout: moment.duration(30, 'seconds'),
   maxPayload: ByteSizeValue.parse('1048576b'),
   ...parts,
@@ -122,4 +123,12 @@ describe('getServerOptions', () => {
       headers: ['Accept', 'Authorization', 'Content-Type', 'If-None-Match', 'kbn-xsrf'],
     });
   });
+
+  it('properly configures `routes.payload.timeout`', () => {
+    const httpConfig = createConfig({
+      payloadTimeout: 9007,
+    });
+
+    expect(getServerOptions(httpConfig).routes!.payload!.timeout).toEqual(9007);
+  });
 });

packages/kbn-server-http-tools/src/get_server_options.ts

@@ -35,6 +35,7 @@ export function getServerOptions(config: IHttpConfig, { configureTLS = true } =
       cors,
       payload: {
         maxBytes: config.maxPayload.getValueInBytes(),
+        timeout: config.payloadTimeout,
       },
       validate: {
         failAction: defaultValidationErrorHandler,

packages/kbn-server-http-tools/src/types.ts

@@ -15,6 +15,7 @@ export interface IHttpConfig {
   maxPayload: ByteSizeValue;
   keepaliveTimeout: number;
   socketTimeout: number;
+  payloadTimeout: number;
   cors: ICorsConfig;
   ssl: ISslConfig;
   shutdownTimeout: Duration;