The following plugins accept HTTP requests (via httpevent), and should put a limit on the size of the body of accepted requests:

• github
• travis
• webhook

Ideally: A sane default for the maximum size of request bodies should be used by each plugin, optionally allowing for tweaking via the configuration file.

This is harder than it should when using the net.http module from Prosody: the actual reading of data is buried in net.server_select, which does have maximum read/write buffer length settings, but unfortunately the module is used also for XMPP communication, and tweaking the sizes may end up in breaking XMPP processing 😞

For now I am settling on defining a max_request_size setting for the httpevent plugin, and check it against the Content-Length header (or, if not available, the size of the received body, #request.body). It's better than nothing.