prevent potential memory exhaustion from

Marek Safarik · Marek Safarik · commit 3cd9b15250a6 · 2026-03-04T19:08:23.000+01:00
unbounded form data

Signed-off-by: Marek Safarik &lt;msafarik@redhat.com&gt;
diff --git a/internal/web/server.go b/internal/web/server.go
@@ -90,6 +90,7 @@ func (s *Server) handleIndex(w http.ResponseWriter, r *http.Request) {
 }
 
 func (s *Server) handleChat(w http.ResponseWriter, r *http.Request) {
+	r.Body = http.MaxBytesReader(w, r.Body, 1<<20) // 1 MB
 	message := r.FormValue("message")
 	if message == "" {
 		http.Error(w, "Message required", http.StatusBadRequest)

Original file line number	Diff line number	Diff line change
`@@ -90,6 +90,7 @@ func (s Server) handleIndex(w http.ResponseWriter, r http.Request) {`
`90`	`90`	`}`
`91`	`91`
`92`	`92`	`func (s Server) handleChat(w http.ResponseWriter, r http.Request) {`
	`93`	`+ r.Body = http.MaxBytesReader(w, r.Body, 1<<20) // 1 MB`
`93`	`94`	`message := r.FormValue("message")`
`94`	`95`	`if message == "" {`
`95`	`96`	`http.Error(w, "Message required", http.StatusBadRequest)`