MaxMessageSize applies only to frames, not messages #20
Description
The MaxMessageSize directive only rejects frames that are longer than the payload_limit. If an adversary sends a huge number of frames that are smaller than the MaxMessageSize, the module will happily try to buffer all of them.
Side note: why is MaxMessageSize not named WebSocketMaxMessageSize?