Didn't find any config param nor hard-coded values to limit CFSSL's API request header and body sizes.

Consider configurable (better probably) or hard-coded limits for both elements (to prevent clients from accidentally or maliciously sending a large request and wasting server resources) using i.e.

• MaxHeaderBytes for headers,
• Content-Length and MaxBytesReader for body.