feat: add option to disable oversized payload check in JSONRPC applications

sokoliva · sokoliva · commit c2b6068238e7 · 2025-11-14T15:03:19.000Z
diff --git a/src/a2a/server/apps/jsonrpc/jsonrpc_app.py b/src/a2a/server/apps/jsonrpc/jsonrpc_app.py
@@ -185,6 +185,7 @@ def __init__(  # noqa: PLR0913
             [AgentCard, ServerCallContext], AgentCard
         ]
         | None = None,
+        disable_content_length_check: bool = False,
     ) -> None:
         """Initializes the JSONRPCApplication.
 
@@ -202,6 +203,8 @@ def __init__(  # noqa: PLR0913
             extended_card_modifier: An optional callback to dynamically modify
               the extended agent card before it is served. It receives the
               call context.
+            disable_content_length_check: An optional, if True disables the check
+              for oversized payloads.
         """
         if not _package_starlette_installed:
             raise ImportError(
@@ -220,6 +223,7 @@ def __init__(  # noqa: PLR0913
             extended_card_modifier=extended_card_modifier,
         )
         self._context_builder = context_builder or DefaultCallContextBuilder()
+        self._disable_content_length_check = disable_content_length_check
 
     def _generate_error_response(
         self, request_id: str | int | None, error: JSONRPCError | A2AError
@@ -291,18 +295,22 @@ async def _handle_requests(self, request: Request) -> Response:  # noqa: PLR0911
                     request_id, str | int
                 ):
                     request_id = None
-            # Treat very large payloads as invalid request (-32600) before routing
-            with contextlib.suppress(Exception):
-                content_length = int(request.headers.get('content-length', '0'))
-                if content_length and content_length > MAX_CONTENT_LENGTH:
-                    return self._generate_error_response(
-                        request_id,
-                        A2AError(
-                            root=InvalidRequestError(
-                                message='Payload too large'
-                            )
-                        ),
+            # If content lenght check is not diasbled,
+            # treat very large payloads as invalid request (-32600) before routing
+            if not self._disable_content_length_check:
+                with contextlib.suppress(Exception):
+                    content_length = int(
+                        request.headers.get('content-length', '0')
                     )
+                    if content_length and content_length > MAX_CONTENT_LENGTH:
+                        return self._generate_error_response(
+                            request_id,
+                            A2AError(
+                                root=InvalidRequestError(
+                                    message='Payload too large'
+                                )
+                            ),
+                        )
             logger.debug('Request body: %s', body)
             # 1) Validate base JSON-RPC structure only (-32600 on failure)
             try:
diff --git a/src/a2a/server/apps/jsonrpc/starlette_app.py b/src/a2a/server/apps/jsonrpc/starlette_app.py
@@ -59,6 +59,7 @@ def __init__(  # noqa: PLR0913
             [AgentCard, ServerCallContext], AgentCard
         ]
         | None = None,
+        disable_content_length_check: bool = False,
     ) -> None:
         """Initializes the A2AStarletteApplication.
 
@@ -76,6 +77,8 @@ def __init__(  # noqa: PLR0913
             extended_card_modifier: An optional callback to dynamically modify
               the extended agent card before it is served. It receives the
               call context.
+            disable_content_length_check: An optional, if True disables the check
+            for oversized payloads.
         """
         if not _package_starlette_installed:
             raise ImportError(
@@ -90,6 +93,7 @@ def __init__(  # noqa: PLR0913
             context_builder=context_builder,
             card_modifier=card_modifier,
             extended_card_modifier=extended_card_modifier,
+            disable_content_length_check=disable_content_length_check,
         )
 
     def routes(
diff --git a/tests/server/apps/jsonrpc/test_serialization.py b/tests/server/apps/jsonrpc/test_serialization.py
@@ -6,6 +6,7 @@
 from pydantic import ValidationError
 from starlette.testclient import TestClient
 
+from a2a.server.apps.jsonrpc.jsonrpc_app import MAX_CONTENT_LENGTH
 from a2a.server.apps import A2AFastAPIApplication, A2AStarletteApplication
 from a2a.types import (
     APIKeySecurityScheme,
@@ -136,6 +137,32 @@ def test_handle_oversized_payload(agent_card_with_api_key: AgentCard):
     assert data['error']['code'] == InvalidRequestError().code
 
 
+def test_handle_oversized_payload_with_check_disabled(
+    agent_card_with_api_key: AgentCard,
+):
+    """Test handling of oversized JSON payloads when the check is disabled."""
+    handler = mock.AsyncMock()
+    app_instance = A2AStarletteApplication(
+        agent_card_with_api_key, handler, disable_content_length_check=True
+    )
+    client = TestClient(app_instance.build())
+
+    large_string = 'a' * 11 * 1_000_000  # 11MB string
+    payload = {
+        'jsonrpc': '2.0',
+        'method': 'test',
+        'id': 1,
+        'params': {'data': large_string},
+    }
+
+    response = client.post('/', json=payload)
+    assert response.status_code == 200
+    data = response.json()
+    # With the check disabled, it shouldn't return InvalidRequestError due to size.
+    # It will likely error out deeper in the handler, but not with the size-specific code.
+    assert data['error']['code'] != InvalidRequestError().code
+
+
 def test_handle_unicode_characters(agent_card_with_api_key: AgentCard):
     """Test handling of unicode characters in JSON payload."""
     handler = mock.AsyncMock()
