From a32cb7436389c7a036387ccf4e8d8b2074b3aa67 Mon Sep 17 00:00:00 2001 From: Aniket Dixit Date: Wed, 3 Jun 2026 18:46:34 +0530 Subject: [PATCH] request bytes size --- tee_gateway/controllers/ohttp_controller.py | 9 ++++----- tee_gateway/test/test_ohttp_controller.py | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/tee_gateway/controllers/ohttp_controller.py b/tee_gateway/controllers/ohttp_controller.py index 823bf0a..9fb0fb9 100644 --- a/tee_gateway/controllers/ohttp_controller.py +++ b/tee_gateway/controllers/ohttp_controller.py @@ -88,11 +88,10 @@ _SSE_CONTENT_TYPE = "text/event-stream" # Cap on the encapsulated request size. The inner payload is a chat-completion -# JSON body; even with long conversation history this comfortably fits in a few -# hundred KB. Rejecting larger bodies up-front prevents a malicious relay from -# forcing the enclave to allocate and attempt HPKE decapsulation on arbitrarily -# large blobs. -_MAX_ENCAPSULATED_REQUEST_BYTES = 512 * 1024 +# JSON body and may include base64 image attachments; 16 MiB covers roughly a +# 10 MiB raw image after base64/JSON overhead while still bounding enclave +# memory use for malicious or accidentally huge payloads. +_MAX_ENCAPSULATED_REQUEST_BYTES = 16 * 1024 * 1024 # Fields that can re-identify a client and have no role in inference. We drop # them before forwarding to the inner handler — keeping them inside the diff --git a/tee_gateway/test/test_ohttp_controller.py b/tee_gateway/test/test_ohttp_controller.py index ebba831..ed406e1 100644 --- a/tee_gateway/test/test_ohttp_controller.py +++ b/tee_gateway/test/test_ohttp_controller.py @@ -127,7 +127,7 @@ def fake_get_tee_keys(): def test_oversized_body_returns_413(monkeypatch): sk, _ = ohttp.generate_keypair() - # Body is well past _MAX_ENCAPSULATED_REQUEST_BYTES (512 KiB). Werkzeug + # Body is well past _MAX_ENCAPSULATED_REQUEST_BYTES. Werkzeug # will set Content-Length from the data length, so the up-front check # fires before any HPKE work. app, captured, fake_keys = _make_app(lambda: ("200 OK", [], iter([])), sk)