feat: make webhook payload size limit configurable
Add WEBHOOK_MAX_PAYLOAD_BYTES setting (default 1 MB) so deployments with larger webhook payloads can raise the limit via environment variable instead of being hard-blocked at 1 MB. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
committed by
Abhimanyu Saharan
parent
acd1526acf
commit
b2fb8a082d
@@ -516,10 +516,10 @@ async def ingest_board_webhook(
|
|||||||
detail="Webhook is disabled.",
|
detail="Webhook is disabled.",
|
||||||
)
|
)
|
||||||
|
|
||||||
# Enforce a 1 MB payload size limit to prevent memory exhaustion.
|
# Enforce payload size limit to prevent memory exhaustion.
|
||||||
# Read the body in chunks via request.stream() so an attacker cannot
|
# Read the body in chunks via request.stream() so an attacker cannot
|
||||||
# cause OOM by sending a huge body with a missing/spoofed Content-Length.
|
# cause OOM by sending a huge body with a missing/spoofed Content-Length.
|
||||||
max_payload_bytes = 1_048_576
|
max_payload_bytes = settings.webhook_max_payload_bytes
|
||||||
content_length = request.headers.get("content-length")
|
content_length = request.headers.get("content-length")
|
||||||
try:
|
try:
|
||||||
cl = int(content_length) if content_length else 0
|
cl = int(content_length) if content_length else 0
|
||||||
|
|||||||
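Review bot: The comment above `max_payload_bytes = settings.webhook_max_payload_bytes` no longer says what the limit is or where it comes from, and the memory-exhaustion protection it describes is now only as strong as the value an operator configures. I would word it as `# Enforce settings.webhook_max_payload_bytes (default 1 MB) to bound per-request memory.` so the next reader knows the number is deployment-controlled. The chunked read and the comparison against the limit are outside the hunk, so presumably each in-flight request can buffer up to that many bytes; a raised limit should be checked against any body-size limit enforced in front of the service. The body of `ingest_board_webhook` starts and ends outside the hunk.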
@@ -57,6 +57,9 @@ class Settings(BaseSettings):
|
|||||||
security_header_referrer_policy: str = "strict-origin-when-cross-origin"
|
security_header_referrer_policy: str = "strict-origin-when-cross-origin"
|
||||||
security_header_permissions_policy: str = ""
|
security_header_permissions_policy: str = ""
|
||||||
|
|
||||||
|
# Webhook payload size limit in bytes (default 1 MB).
|
||||||
|
webhook_max_payload_bytes: int = 1_048_576
|
||||||
|
|
||||||
# Database lifecycle
|
# Database lifecycle
|
||||||
db_auto_migrate: bool = False
|
db_auto_migrate: bool = False
|
||||||
|
|
||||||
|
|||||||
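Review bot: `webhook_max_payload_bytes: int = 1_048_576` accepts any integer from the environment, so a zero, negative or mistyped very large value is passed unchanged to the size check in `ingest_board_webhook`. A non-positive value would presumably make every webhook fail the limit, and an oversized one quietly removes the memory-exhaustion guard; rejecting bad values at startup is safer, e.g. `webhook_max_payload_bytes: int = Field(default=1_048_576, gt=0)`, with an `le=` ceiling if the deployment has a known maximum. This assumes `Field` is imported from pydantic in this module, which the hunk does not show. The comment on the field could also name the environment variable and state that the value bounds how much of each webhook body is read. The `Settings` class continues outside the hunk.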