Skip to content

Performance + security hardening (timeouts, SSRF protection, resource limits, input size limits) #8

Description

@aplgr

Goal

Harden the service for safer public exposure and more predictable performance.

Why

HTML/URL rendering is a classic attack surface (SSRF, resource exhaustion, massive inputs, slow rendering).

Scope

  • Timeouts:
    • request timeout at gateway and service
    • navigation/render timeout in Chrome
    • overall job timeout
  • Input limits:
    • max request body size
    • max HTML size
    • max URL length
  • SSRF protections for URL rendering:
    • block localhost / link-local / private ranges
    • restrict schemes to http/https
    • optional allowlist mode (recommended for production)
  • Resource limits:
    • container CPU/mem limits in compose
    • concurrency caps (global + per-token)
  • Safer defaults for Chrome (disable unnecessary features if possible)

Acceptance criteria

  • Clear, documented limits (README)
  • Requests violating limits return a structured 4xx (not 500)
  • URL rendering rejects dangerous targets by default
  • No noticeable regression for normal usage

Notes / hints

Do this in incremental PRs. Start with strict timeouts + body size limits, then add SSRF rules.

Metadata

Metadata

Assignees

No one assigned

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions