mathias/gitea-mcp
1
0
Fork 0
Code Issues 6 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(mcp): cap inbound request body at 1 MiB

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Mathias Bergqvist
2026-05-04 20:58:36 +02:00
parent ba5068648b
commit 93c5a6934b
2 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
internal/mcp/server_test.go
View File

@@ -105,3 +105,15 @@ func TestToolsListAfterInitialize(t *testing.T) {
result := resp["result"].(map[string]any)
assert.Contains(t, result, "tools")
}
func TestPostBodyTooLarge(t *testing.T) {
srv := newServer(t)
// 2 MiB of 'a' characters — exceeds the 1 MiB cap.
payload := bytes.Repeat([]byte("a"), 2<<20)
req := httptest.NewRequest(http.MethodPost, "/", bytes.NewBuffer(payload))
req.Header.Set("Content-Type", "application/json")
rr := httptest.NewRecorder()
srv.ServeHTTP(rr, req)
assert.NotEqual(t, http.StatusOK, rr.Code, "oversized body must not return 200")
assert.Equal(t, http.StatusBadRequest, rr.Code)
}