Define instance variable max_content_length. This commit depricates hardcoded MAX_CONTENT_LENGTH and introduces an instance variable max_content_length.

Author: sokoliva

src/a2a/server/apps/jsonrpc/fastapi_app.py

@@ -77,7 +77,7 @@ def __init__(  # noqa: PLR0913
             [AgentCard, ServerCallContext], AgentCard
         ]
         | None = None,
-        disable_content_length_check: bool = False,
+        max_content_length: int | None = 10 * 1024 * 1024,  # 10MB
     ) -> None:
         """Initializes the A2AFastAPIApplication.
 
@@ -95,8 +95,8 @@ def __init__(  # noqa: PLR0913
             extended_card_modifier: An optional callback to dynamically modify
               the extended agent card before it is served. It receives the
               call context.
-            disable_content_length_check: An optional, if True disables the check
-              for oversized payloads.
+            max_content_length: The maximum allowed content length for incoming
+              requests. Defaults to 10MB. Set to None for unbounded maximum.
         """
         if not _package_fastapi_installed:
             raise ImportError(
@@ -111,7 +111,7 @@ def __init__(  # noqa: PLR0913
             context_builder=context_builder,
             card_modifier=card_modifier,
             extended_card_modifier=extended_card_modifier,
-            disable_content_length_check=disable_content_length_check,
+            max_content_length=max_content_length,
         )
 
     def add_routes_to_app(

src/a2a/server/apps/jsonrpc/jsonrpc_app.py

@@ -91,8 +91,6 @@
         Response = Any
         HTTP_413_REQUEST_ENTITY_TOO_LARGE = Any
 
-MAX_CONTENT_LENGTH = 10_000_000
-
 
 class StarletteUserProxy(A2AUser):
     """Adapts the Starlette User class to the A2A user representation."""
@@ -134,7 +132,7 @@ def build(self, request: Request) -> ServerCallContext:
         """
         user: A2AUser = UnauthenticatedUser()
         state = {}
-        with contextlib.suppress(Exception):
+        with contextlib.suppress(AttributeError):
             user = StarletteUserProxy(request.user)
             state['auth'] = request.auth
         state['headers'] = dict(request.headers)
@@ -185,7 +183,7 @@ def __init__(  # noqa: PLR0913
             [AgentCard, ServerCallContext], AgentCard
         ]
         | None = None,
-        disable_content_length_check: bool = False,
+        max_content_length: int | None = 10 * 1024 * 1024,  # 10MB
     ) -> None:
         """Initializes the JSONRPCApplication.
 
@@ -203,8 +201,8 @@ def __init__(  # noqa: PLR0913
             extended_card_modifier: An optional callback to dynamically modify
               the extended agent card before it is served. It receives the
               call context.
-            disable_content_length_check: An optional, if True disables the check
-              for oversized payloads.
+            max_content_length: The maximum allowed content length for incoming
+              requests. Defaults to 10MB. Set to None for unbounded maximum.
         """
         if not _package_starlette_installed:
             raise ImportError(
@@ -223,7 +221,7 @@ def __init__(  # noqa: PLR0913
             extended_card_modifier=extended_card_modifier,
         )
         self._context_builder = context_builder or DefaultCallContextBuilder()
-        self._disable_content_length_check = disable_content_length_check
+        self._max_content_length = max_content_length
 
     def _generate_error_response(
         self, request_id: str | int | None, error: JSONRPCError | A2AError
@@ -265,19 +263,19 @@ def _generate_error_response(
             status_code=200,
         )
 
-    def _check_content_length(self, request: Request) -> bool:
-        """Checks if the request content length exceeds the maximum allowed size.
+    def _allowed_content_length(self, request: Request) -> bool:
+        """Checks if the request content length is within the allowed maximum.
 
         Args:
             request: The incoming Starlette Request object.
 
         Returns:
-            True if the content length is within the allowed limit, False otherwise.
+            False if the content length is larger than the allowed maximum, True otherwise.
         """
-        if not self._disable_content_length_check:
-            with contextlib.suppress(Exception):
+        if self._max_content_length is not None:
+            with contextlib.suppress(ValueError):
                 content_length = int(request.headers.get('content-length', '0'))
-                if content_length and content_length > MAX_CONTENT_LENGTH:
+                if content_length and content_length > self._max_content_length:
                     return False
         return True
 
@@ -311,9 +309,8 @@ async def _handle_requests(self, request: Request) -> Response:  # noqa: PLR0911
                     request_id, str | int
                 ):
                     request_id = None
-            # If content length check is not disabled,
-            # treat very large payloads as invalid request (-32600) before routing
-            if not self._check_content_length(request):
+            # Treat payloads lager than allowed as invalid request (-32600) before routing
+            if not self._allowed_content_length(request):
                 return self._generate_error_response(
                     request_id,
                     A2AError(

src/a2a/server/apps/jsonrpc/starlette_app.py

@@ -59,7 +59,7 @@ def __init__(  # noqa: PLR0913
             [AgentCard, ServerCallContext], AgentCard
         ]
         | None = None,
-        disable_content_length_check: bool = False,
+        max_content_length: int | None = 10 * 1024 * 1024,  # 10MB
     ) -> None:
         """Initializes the A2AStarletteApplication.
 
@@ -77,8 +77,8 @@ def __init__(  # noqa: PLR0913
             extended_card_modifier: An optional callback to dynamically modify
               the extended agent card before it is served. It receives the
               call context.
-            disable_content_length_check: An optional, if True disables the check
-              for oversized payloads.
+            max_content_length: The maximum allowed content length for incoming
+              requests. Defaults to 10MB. Set to None for unbounded maximum.
         """
         if not _package_starlette_installed:
             raise ImportError(
@@ -93,7 +93,7 @@ def __init__(  # noqa: PLR0913
             context_builder=context_builder,
             card_modifier=card_modifier,
             extended_card_modifier=extended_card_modifier,
-            disable_content_length_check=disable_content_length_check,
+            max_content_length=max_content_length,
         )
 
     def routes(

tests/server/apps/jsonrpc/test_serialization.py

@@ -136,13 +136,22 @@ def test_handle_oversized_payload(agent_card_with_api_key: AgentCard):
     assert data['error']['code'] == InvalidRequestError().code
 
 
-def test_handle_oversized_payload_with_check_disabled(
+@pytest.mark.parametrize(
+    'max_content_length',
+    [
+        None,
+        11 * 1024 * 1024,
+        30 * 1024 * 1024,
+    ],
+)
+def test_handle_oversized_payload_with_max_content_length(
     agent_card_with_api_key: AgentCard,
+    max_content_length: int | None,
 ):
-    """Test handling of oversized JSON payloads when the check is disabled."""
+    """Test handling of JSON payloads with sizes within custom max_content_length."""
     handler = mock.AsyncMock()
     app_instance = A2AStarletteApplication(
-        agent_card_with_api_key, handler, disable_content_length_check=True
+        agent_card_with_api_key, handler, max_content_length=max_content_length
     )
     client = TestClient(app_instance.build())
 
@@ -157,8 +166,9 @@ def test_handle_oversized_payload_with_check_disabled(
     response = client.post('/', json=payload)
     assert response.status_code == 200
     data = response.json()
-    # With the check disabled, it shouldn't return InvalidRequestError due to size.
-    # It will likely error out deeper in the handler, but not with the size-specific code.
+    # When max_content_length is set, requests up to that size should not be
+    # rejected due to payload size. The request might fail for other reasons,
+    # but it shouldn't be an InvalidRequestError related to the content length.
     assert data['error']['code'] != InvalidRequestError().code