From cc98d9169199345f47caa5023f8b407a2532f440 Mon Sep 17 00:00:00 2001
From: hrxi <hrrrxi@gmail.com>
Date: Mon, 22 Jul 2024 14:20:52 +0200
Subject: [PATCH] Limit HTTP request bodies to 1 MiB

This stops the RPC server from allocating arbitrary amounts of memory,
leading to out of memory crashes.

Fixes https://github.com/nimiq/core-rs-albatross/issues/2749.
---
 server/src/lib.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/server/src/lib.rs b/server/src/lib.rs
index 0647a70..f8d9ccc 100644
--- a/server/src/lib.rs
+++ b/server/src/lib.rs
@@ -206,6 +206,7 @@ impl<D: Dispatcher> Server<D> {
         let inner = Arc::clone(&self.inner);
         let post_route = warp::path::end()
             .and(warp::post())
+            .and(warp::body::content_length_limit(1024 * 1024))
             .and(warp::body::bytes())
             .and_then(move |body: Bytes| {
                 let inner = Arc::clone(&inner);