Add WebSocket maxPayload limit (64KB) (FRE-4747)

Set maxPayload: 65536 on WebSocketServer constructor to bound per-message memory usage, addressing security review recommendation M1 from FRE-4474.
2026-05-09 16:44:56 -04:00
parent a10ef7eb70
commit e5294ec712
1 changed files with 1 additions and 0 deletions
--- a/services/spamshield/src/websocket/alert-server.ts
+++ b/services/spamshield/src/websocket/alert-server.ts
@@ -58,6 +58,7 @@ export class AlertServer {
    this.wss = new WebSocketServer({
      port: this.config.port,
      host: this.config.host,
+      maxPayload: 65536, // 64KB limit to prevent memory exhaustion attacks
    });
    
    this.setupWebSocketHandlers();