I have an application in which I wish to limit the maximum size of a message that was sent across the wire by a connected client. Since the theoretical maximum of a message in Node.js is about 1.9 GB, I actually never want my application to allocate that big a chunk of memory if some malicious clients tries to send an over-sized packet.
How can I limit the incoming message size, to say, 1024 bytes?
By default the maximum size is 1MB and the maximum number is 32. You can adjust these limits by setting the max_size and max_queue keyword arguments of connect() or serve() .
But why are WebSockets hard to scale? The main challenge is that connections to your WebSocket server need to be persistent. And even once you've scaled out your server nodes both vertically and horizontally, you also need to provide a solution for sharing data between the nodes.
Some WebSockets security vulnerabilities arise when an attacker makes a cross-domain WebSocket connection from a web site that the attacker controls. This is known as a cross-site WebSocket hijacking attack, and it involves exploiting a cross-site request forgery (CSRF) vulnerability on a WebSocket handshake.
The WebSocket protocol allows for extensions, and with permessage-deflate, there is an upcoming compression extension for WebSocket. WebSocket compression compresses the payload of WebSocket messages which can lead to a further reduction of wire level payload by a factor of 2-15x.
To anyone looking for answer to this question in future, use maxPayload
option in server configuration to limit the message size before it is read by Node (which is almost always what you want)
const wss = new WebSocket.Server({
clientTracking: true,
maxPayload: 128 * 1024, // 128 KB
path: "/learn",
//....
})
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With