From 800d8cb6b0fbe03770f78e2dc9d9de9e926893c0 Mon Sep 17 00:00:00 2001
From: Andrew Noyes <andrew@weaselab.dev>
Date: Tue, 19 Aug 2025 17:33:21 -0400
Subject: [PATCH] Add TODO for enforcing max_request_size_bytes

---
 src/http_handler.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/http_handler.cpp b/src/http_handler.cpp
index ca0dd0a..daef138 100644
--- a/src/http_handler.cpp
+++ b/src/http_handler.cpp
@@ -49,6 +49,11 @@ void HttpHandler::on_data_arrived(std::string_view data,
     return;
   }
 
+  // TODO: Enforce the configured max_request_size_bytes limit here.
+  // Should track cumulative bytes received for the current HTTP request
+  // and send 413 Request Entity Too Large if limit is exceeded.
+  // This prevents DoS attacks via oversized HTTP requests.
+
   // Parse HTTP data with llhttp
   enum llhttp_errno err =
       llhttp_execute(&state->parser, data.data(), data.size());