From 71ad45c18180ac9f9691389feb8c9ea559eba4c7 Mon Sep 17 00:00:00 2001
From: Andrew Austin
Date: Mon, 11 Jan 2021 12:45:25 -0500
Subject: [PATCH] feat: decrease the default value of maxHttpBufferSize

This change reduces the default value from 100 mb to a more sane 1 mb. This helps protect the server against denial of service attacks by malicious clients sending huge amounts of data.
---
 lib/server.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/server.js b/lib/server.js
index c691561b6..cafee604e 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -40,7 +40,7 @@ function Server (opts) {
 this.pingTimeout = opts.pingTimeout || 5000;
 this.pingInterval = opts.pingInterval || 25000;
 this.upgradeTimeout = opts.upgradeTimeout || 10000;
- this.maxHttpBufferSize = opts.maxHttpBufferSize || 10E7;
+ this.maxHttpBufferSize = opts.maxHttpBufferSize || 1e6;
 this.transports = opts.transports || Object.keys(transports);
 this.allowUpgrades = false !== opts.allowUpgrades;
 this.allowRequest = opts.allowRequest;
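Review bot: The added `this.maxHttpBufferSize = opts.maxHttpBufferSize || 1e6;` line still accepts any truthy caller value without validation, so a string, a negative number or `Infinity` is stored as the limit. Depending on how the comparison is done where the limit is enforced (not visible in this hunk), that could leave the denial-of-service guard ineffective. I would validate it here, for example `var max = Number(opts.maxHttpBufferSize);` followed by `this.maxHttpBufferSize = max > 0 && isFinite(max) ? max : 1e6;`, which keeps the existing fallback for `0` and unset. The line also deserves a comment giving the unit and intent, such as `// bytes; caps buffered payload per request to bound memory use by a single client`. Because payloads between 1 MB and 100 MB that were accepted before will now be rejected, the upgrade notes should name this option; the body of `Server` continues outside the hunk.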