From 0893d21deddc3a87bad2672fc0a920ee809e7dec Mon Sep 17 00:00:00 2001
From: Arian Nasr <arian@2ari.ca>
Date: Fri, 1 May 2026 06:30:12 -0400
Subject: [PATCH] perf(upload) add MAX_CONTENT_LENGTH to prevent DoS

---
 main.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/main.py b/main.py
index 921d8cf..df5914a 100644
--- a/main.py
+++ b/main.py
@@ -8,9 +8,11 @@ from werkzeug.utils import secure_filename
 
 UPLOAD_FOLDER = os.environ.get('NAVIDROME_MUSIC_FOLDER', '/opt/navidrome/music')
 ALLOWED_EXTENSIONS = {'flac', 'mp3', 'wav'}
+MAX_CONTENT_LENGTH = 500 * 1024 * 1024
 
 app = Flask(__name__)
 app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
+app.config['MAX_CONTENT_LENGTH'] = MAX_CONTENT_LENGTH
 
 def allowed_file(filename):
     return '.' in filename and \