mathias/gitea-mcp
1
0
Fork 0
Code Issues 6 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(mcp): cap inbound request body at 1 MiB

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Mathias Bergqvist
2026-05-04 20:58:36 +02:00
parent ba5068648b
commit 93c5a6934b
2 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/mcp/server.go
View File

@@ -8,7 +8,10 @@ import (
"gitea.d-ma.be/mathias/gitea-mcp/internal/registry"
)
const ProtocolVersion = "2025-06-18"
const (
ProtocolVersion = "2025-06-18"
maxRequestBodyBytes = 1 << 20 // 1 MiB
)
type ServerOptions struct {
Registry *registry.Registry
@@ -38,6 +41,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}
func (s *Server) handlePOST(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestBodyBytes) // 1 MiB cap
var req Request
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
writeJSON(w, http.StatusBadRequest, NewErrorResponse(nil, -32700, "parse error", nil))