Bird
Raised Fist0
Expressframework~5 mins

Request size limits in Express

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction

Request size limits help protect your server from very large requests that can slow it down or cause crashes.

When you want to stop users from sending huge files or data in one request.
When you want to keep your server fast and safe from overload.
When you expect only small amounts of data from clients and want to enforce that.
When you want to avoid accidental or malicious attacks that send too much data.
Syntax
Express
app.use(express.json({ limit: 'size' }))
app.use(express.urlencoded({ limit: 'size', extended: true }))

The limit option sets the maximum size of the request body.

You can use sizes like '100kb', '1mb', or just numbers for bytes.

Examples
Limits JSON request bodies to 100 kilobytes.
Express
app.use(express.json({ limit: '100kb' }))
Limits URL-encoded form data to 1 megabyte.
Express
app.use(express.urlencoded({ limit: '1mb', extended: true }))
Limits JSON request bodies to 50,000 bytes (about 50 KB).
Express
app.use(express.json({ limit: 50000 }))
Sample Program

This Express app limits incoming JSON data to 10 kilobytes. If a client sends more data, Express will reject it with an error.

When you send a POST request to /data with JSON data under 10kb, it responds with the keys received.

Express
import express from 'express';

const app = express();

// Limit JSON body size to 10kb
app.use(express.json({ limit: '10kb' }));

app.post('/data', (req, res) => {
  res.send(`Received data with keys: ${Object.keys(req.body).join(', ')}`);
});

app.listen(3000, () => {
  console.log('Server running on http://localhost:3000');
});
OutputSuccess
Important Notes

If a request exceeds the limit, Express sends a 413 Payload Too Large error.

You can set different limits for JSON and URL-encoded data separately.

Always set limits to protect your server from overload and attacks.

Summary

Request size limits stop very large requests from slowing or crashing your server.

Use the limit option in express.json() and express.urlencoded() middleware.

Set limits based on what your app expects to receive to keep it safe and fast.

Practice

(1/5)
1. What is the main purpose of setting a request size limit in Express middleware like express.json()?
easy
A. To increase the speed of the server by caching requests
B. To prevent very large requests from slowing down or crashing the server
C. To automatically compress large requests for faster processing
D. To allow unlimited request sizes for flexibility

Solution

  1. Step 1: Understand the role of request size limits

    Request size limits help protect the server from very large requests that can slow it down or cause crashes.

  2. Step 2: Identify the correct purpose in Express middleware

    The limit option in express.json() sets this size limit to keep the server safe and responsive.

  3. Final Answer:

    To prevent very large requests from slowing down or crashing the server -> Option B

  4. Quick Check:

    Request size limit = prevent server overload [OK]
Hint: Request size limits protect server from overload [OK]
Common Mistakes:
  • Thinking it speeds up requests by caching
  • Confusing size limit with compression
  • Assuming unlimited size is better
2. Which of the following is the correct way to set a 10kb limit on JSON request bodies in Express?
easy
A. app.use(express.json({ sizeLimit: 10 }))
B. app.use(express.json(limit = 10))
C. app.use(express.json({ maxSize: '10kb' }))
D. app.use(express.json({ limit: '10kb' }))

Solution

  1. Step 1: Recall the correct option name for size limit

    The correct option to set request size limit in express.json() is limit.

  2. Step 2: Check the correct syntax for setting 10kb

    The value should be a string with units, like '10kb'. So { limit: '10kb' } is correct.

  3. Final Answer:

    app.use(express.json({ limit: '10kb' })) -> Option D

  4. Quick Check:

    Use limit: '10kb' option [OK]
Hint: Use limit option with string size like '10kb' [OK]
Common Mistakes:
  • Using wrong option names like sizeLimit or maxSize
  • Passing number without units
  • Using assignment inside options object
3. Given this Express setup:
app.use(express.json({ limit: '5kb' }));
app.post('/data', (req, res) => {
  res.send('Received');
});

What happens if a client sends a JSON body of 10kb to /data?
medium
A. The server rejects the request with a 413 Payload Too Large error
B. The server ignores the body and responds with an empty object
C. The server crashes due to memory overflow
D. The server accepts the request and responds with 'Received'

Solution

  1. Step 1: Understand the limit setting effect

    The limit is set to 5kb, so any request body larger than 5kb will be rejected.

  2. Step 2: Identify Express behavior on large requests

    Express responds with a 413 Payload Too Large error when the body exceeds the limit.

  3. Final Answer:

    The server rejects the request with a 413 Payload Too Large error -> Option A

  4. Quick Check:

    Request > limit = 413 error [OK]
Hint: Requests over limit get 413 error response [OK]
Common Mistakes:
  • Assuming server accepts large requests anyway
  • Thinking server crashes instead of error response
  • Believing server ignores body silently
4. Consider this Express code snippet:
app.use(express.json({ limit: 10000 }));

What is the problem with this code regarding request size limits?
medium
A. There is no problem; this code sets a 10kb limit correctly
B. The limit option is not supported by express.json()
C. The limit value is too small and will reject all requests
D. The limit value should be a string with units like '10kb', not a number

Solution

  1. Step 1: Check the type of the limit option value

    The limit option accepts both numbers (in bytes) and strings with units like '10kb'.

  2. Step 2: Understand the effect of passing a number

    Passing 10000 sets the limit to 10000 bytes (approximately 10kb), which works correctly.

  3. Final Answer:

    There is no problem; this code sets a 10kb limit correctly -> Option A

  4. Quick Check:

    limit: number = bytes [OK]
Hint: Limit accepts number (bytes) or string with units [OK]
Common Mistakes:
  • Thinking it must be string with units only
  • Thinking limit option is unsupported
  • Assuming number means bytes automatically is wrong
5. You want to accept JSON requests up to 1mb but URL-encoded form data only up to 100kb in your Express app. Which setup correctly applies these limits?
hard
A. app.use(express.json({ limit: 100 * 1024 }));\napp.use(express.urlencoded({ limit: 1 * 1024 * 1024, extended: false }));
B. app.use(express.json({ maxSize: '1mb' }));\napp.use(express.urlencoded({ maxSize: '100kb', extended: true }));
C. app.use(express.json({ limit: '1mb' }));\napp.use(express.urlencoded({ limit: '100kb', extended: true }));
D. app.use(express.json({ limit: '100kb' }));\napp.use(express.urlencoded({ limit: '1mb', extended: true }));

Solution

  1. Step 1: Set JSON request limit to 1mb correctly

    Use express.json({ limit: '1mb' }) to set JSON body limit to 1 megabyte.

  2. Step 2: Set URL-encoded form data limit to 100kb correctly

    Use express.urlencoded({ limit: '100kb', extended: true }) to set form data limit to 100 kilobytes.

  3. Step 3: Verify option names and values

    Both use the correct limit option with string sizes and proper extended flag for URL-encoded.

  4. Final Answer:

    app.use(express.json({ limit: '1mb' })); app.use(express.urlencoded({ limit: '100kb', extended: true })); -> Option C

  5. Quick Check:

    Use limit strings per middleware type [OK]
Hint: Set limits separately with correct units and options [OK]
Common Mistakes:
  • Swapping limits between JSON and URL-encoded
  • Using numbers instead of strings for limits
  • Using wrong option names like maxSize