From ab127289c41550460f1a97ad45e718119f30535e Mon Sep 17 00:00:00 2001
From: John McLear <john@mclear.co.uk>
Date: Thu, 11 Feb 2021 17:48:12 +0000
Subject: [PATCH] security: limit socketio to 1M chars

---
 src/node/hooks/express/socketio.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/node/hooks/express/socketio.js b/src/node/hooks/express/socketio.js
index 58d2f5a44..a44e74e3a 100644
--- a/src/node/hooks/express/socketio.js
+++ b/src/node/hooks/express/socketio.js
@@ -56,6 +56,7 @@ exports.expressCreateServer = (hookName, args, cb) => {
      *   https://github.com/socketio/socket.io/issues/2276#issuecomment-147184662 (not totally true, actually, see above)
      */
     cookie: false,
+    maxHttpBufferSize: 10E3,
   });
 
   io.use((socket, next) => {