Goal
Harden the service for safer public exposure and more predictable performance.
Why
HTML/URL rendering is a classic attack surface (SSRF, resource exhaustion, massive inputs, slow rendering).
Scope
- Timeouts:
- request timeout at gateway and service
- navigation/render timeout in Chrome
- overall job timeout
- Input limits:
- max request body size
- max HTML size
- max URL length
- SSRF protections for URL rendering:
- block localhost / link-local / private ranges
- restrict schemes to http/https
- optional allowlist mode (recommended for production)
- Resource limits:
- container CPU/mem limits in compose
- concurrency caps (global + per-token)
- Safer defaults for Chrome (disable unnecessary features if possible)
Acceptance criteria
Notes / hints
Do this in incremental PRs. Start with strict timeouts + body size limits, then add SSRF rules.
Goal
Harden the service for safer public exposure and more predictable performance.
Why
HTML/URL rendering is a classic attack surface (SSRF, resource exhaustion, massive inputs, slow rendering).
Scope
Acceptance criteria
Notes / hints
Do this in incremental PRs. Start with strict timeouts + body size limits, then add SSRF rules.