Skip to content

fix: add request body size limit to proxy#7

Open
hobostay wants to merge 1 commit into
aattaran:mainfrom
hobostay:fix/proxy-body-size-limit
Open

fix: add request body size limit to proxy#7
hobostay wants to merge 1 commit into
aattaran:mainfrom
hobostay:fix/proxy-body-size-limit

Conversation

@hobostay
Copy link
Copy Markdown

@hobostay hobostay commented May 4, 2026

Summary

  • Adds a 50MB request body size limit to the model API proxy path in proxy/model-proxy.js
  • Returns HTTP 413 and destroys the connection when the limit is exceeded

Problem

The /_proxy/mode control endpoint already had a 1KB body size limit, but the main model API request path (/v1/messages) collected request body chunks into memory without any bound. A client (or a bug in the calling code) could send an arbitrarily large request body, causing the proxy Node.js process to consume unbounded memory and potentially crash.

Test plan

  • Normal usage still works: send a regular /v1/messages request through the proxy
  • Oversized request is rejected: send a >50MB body and verify 413 response

🤖 Generated with Claude Code

@claude
fix: add request body size limit to proxy model API path
e4a23ec 
The proxy had a 1KB size limit on the control endpoint (/_proxy/mode)
but no limit on model API request bodies. A client could send an
arbitrarily large request, causing memory exhaustion in the proxy
process. Add a 50MB limit with a 413 response on overflow.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hobostay