Harden HTTP defaults and proxy header trust.
Add explicit server timeout/header limits, require trusted proxy CIDRs when honoring forwarded IP headers, and document single-instance storage expectations. Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
@@ -59,8 +59,13 @@ func run(configPath string) error {
|
||||
go cleanupWorker.Start(ctx)
|
||||
|
||||
httpServer := &http.Server{
|
||||
Addr: cfg.Server.ListenAddr,
|
||||
Handler: server.Routes(),
|
||||
Addr: cfg.Server.ListenAddr,
|
||||
Handler: server.Routes(),
|
||||
ReadHeaderTimeout: cfg.Server.ReadHeaderTimeoutDur,
|
||||
ReadTimeout: cfg.Server.ReadTimeoutDur,
|
||||
WriteTimeout: cfg.Server.WriteTimeoutDur,
|
||||
IdleTimeout: cfg.Server.IdleTimeoutDur,
|
||||
MaxHeaderBytes: cfg.Server.MaxHeaderBytes,
|
||||
}
|
||||
|
||||
go func() {
|
||||
|
||||
Reference in New Issue
Block a user