From 734f9d1268840722c41219e69eb58318e0b2ac6b Mon Sep 17 00:00:00 2001
From: Damien Arrachequesne
Date: Tue, 11 Feb 2020 07:57:29 +0100
Subject: [PATCH] feat: decrease the default value of maxHttpBufferSize

This change reduces the default value from 100 mb to a more sane 1 mb. This helps protect the server against denial of service attacks by malicious clients sending huge amounts of data.
---
 lib/server.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/server.js b/lib/server.js
index 527c7a0f9..9b30a4abe 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -26,7 +26,7 @@ class Server extends EventEmitter {
 pingTimeout: 5000,
 pingInterval: 25000,
 upgradeTimeout: 10000,
- maxHttpBufferSize: 10e7,
+ maxHttpBufferSize: 1e6,
 transports: Object.keys(transports),
 allowUpgrades: true,
 perMessageDeflate: {
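Review bot: The new default `maxHttpBufferSize: 1e6` is a bare number with no unit or rationale beside it, and the previous literal `10e7` shows how easily exponent notation is misread on this line. I would add a comment there such as `// bytes (1 MB): upper bound on a single buffered message, kept small to limit memory-exhaustion DoS`. Deployments that relied on the old 100 MB default for large payloads will presumably now have those messages rejected, so the change should be documented as a breaking default with a pointer to setting the option explicitly. The cap appears to apply per message, so total memory still scales with the number of concurrent connections and likely needs a connection-level or proxy-level limit alongside it. The defaults object starts and ends outside the hunk, so whether user-supplied values for this option are validated cannot be confirmed from here.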