feat: decrease the default value of maxHttpBufferSize

darrachequesne · darrachequesne · commit 734f9d126884 · 2020-02-11T07:59:13.000+01:00
This change reduces the default value from 100 mb to a more sane 1 mb.

This helps protect the server against denial of service attacks by
malicious clients sending huge amounts of data.
diff --git a/lib/server.js b/lib/server.js
@@ -26,7 +26,7 @@ class Server extends EventEmitter {
         pingTimeout: 5000,
         pingInterval: 25000,
         upgradeTimeout: 10000,
-        maxHttpBufferSize: 10e7,
+        maxHttpBufferSize: 1e6,
         transports: Object.keys(transports),
         allowUpgrades: true,
         perMessageDeflate: {
