chore: reduce default max payload size in webhooks to 50MB

[pasha-codefresh]

During the implementation of GHSA-jmvp-698c-4x3w, we initially set the payload size limit to 1GB by default. However, after further discussion with the SIG-Security group, we decided to reduce this limit to 50MB, as 1GB was still considered too large for a payload size.

[bunnyshell]

❌ Preview Environment deleted from Bunnyshell

Available commands (reply to this comment):

• 🚀 /bns:deploy to deploy the environment

[svghadi]

Thanks @pasha-codefresh. Suggesting few additional changes.

Doc update:

• argo-cd/docs/operator-manual/argocd-cm.yaml

  Lines 434 to 435 in 96d0226

  	# The maximum size of the payload that can be sent to the webhook server.
  	webhook.maxPayloadSizeMB: "1024"

• argo-cd/docs/operator-manual/webhook.md

  Line 22 in 96d0226

  To prevent DDoS attacks with unauthenticated webhook events (the `/api/webhook` endpoint currently lacks rate limiting protection), it is recommended to limit the payload size. You can achieve this by configuring the `argocd-cm` ConfigMap with the `webhook.maxPayloadSizeMB` attribute. The default value is 1GB.

and a nit for consistency

• argo-cd/util/webhook/webhook_test.go

  Line 63 in 96d0226

  defaultMaxPayloadSize := int64(1) * 1024 * 1024 * 1024

[pasha-codefresh]

Thanks @pasha-codefresh. Suggesting few additional changes.

Doc update:

• argo-cd/docs/operator-manual/argocd-cm.yaml

  Lines 434 to 435 in 96d0226

  	# The maximum size of the payload that can be sent to the webhook server.
  	webhook.maxPayloadSizeMB: "1024"

• argo-cd/docs/operator-manual/webhook.md

  Line 22 in 96d0226

  To prevent DDoS attacks with unauthenticated webhook events (the `/api/webhook` endpoint currently lacks rate limiting protection), it is recommended to limit the payload size. You can achieve this by configuring the `argocd-cm` ConfigMap with the `webhook.maxPayloadSizeMB` attribute. The default value is 1GB.

and a nit for consistency

• argo-cd/util/webhook/webhook_test.go

  Line 63 in 96d0226

  defaultMaxPayloadSize := int64(1) * 1024 * 1024 * 1024

Oh, thank you!

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Please upload report for BASE (master@96d0226). Learn more about missing BASE report.
Report is 7 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff            @@
##             master   #21101   +/-   ##
=========================================
  Coverage          ?   53.47%           
=========================================
  Files             ?      324           
  Lines             ?    55581           
  Branches          ?        0           
=========================================
  Hits              ?    29721           
  Misses            ?    23255           
  Partials          ?     2605           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[pasha-codefresh]

@svghadi fixed

[svghadi]

LGTM. Thanks.

[nitishfy]

LGTM! Thanks

[ishitasequeira]

LGTM!!