Currently, it's possible to request images at arbitrary sizes. With sizes larger than the source image, Sharp will attempt to upscale the image, which is resource-intensive. With very large sizes, this can take a while and cause timeouts. It's also a waste of CPU time.

As a possible mitigation for this, we could clamp the resize values to the size of the image (e.g. resize_width = min( args.resize.width, image.width )

This is a good first step but I think we also need to consider an upper limit for the size of returned images in general because of delivery issues with large files eg if no params are passed and the original file is huge.

What are your thoughts on an arbitrary maximum size of say 3000x3000 and pass the original URL back in a header if it gets applied?

Actually latest version of sharp provides a withoutEnlargement parameter. Problem is that the aspect ratio is lost if a blown up image is requested but I'm not sure how much we care about that.