From 4c9c67d5f43f435f0a017083590329361119e566 Mon Sep 17 00:00:00 2001 From: David Stockton <7375241+dstockton@users.noreply.github.com> Date: Wed, 8 Jul 2026 21:52:47 +0100 Subject: [PATCH] Document IMPORT_MAX_FILE_SIZE environment variable Added in directus/directus#27862 to cap the size of uploaded import files (background imports are spooled to disk, so an unbounded upload could fill it). Linear: CMS-2802 Claude-Session: https://claude.ai/code/session_01CYVPLXSETtvKBzWtwY6EbS --- content/configuration/security-limits.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/configuration/security-limits.md b/content/configuration/security-limits.md index 44f51df5..fdd38eae 100644 --- a/content/configuration/security-limits.md +++ b/content/configuration/security-limits.md @@ -186,5 +186,6 @@ Allows you to configure hard technical limits, to prevent abuse and optimize for | `QUERYSTRING_MAX_PARSE_DEPTH` | The maximum object depth when parsing URL query parameters using the querystring format | `10` | | `QUERYSTRING_ARRAY_LIMIT` | The array limit when parsing URL query parameters using the querystring format | `500` | | `MAX_IMPORT_ERRORS` | The maximum number of validation errors permitted while importing records before the process is cancelled and the errors returned. | `1000` | +| `IMPORT_MAX_FILE_SIZE` | The maximum size of a file uploaded to the import endpoint. Accepts number of bytes, or human readable string; no limit by default. Returns `413` when exceeded. | | [1] Defaults to `auth_login`, `auth_refresh`, `auth_password_request`, `auth_password_reset`, `users_register`, `users_register_verify`, `users_invite_accept`, `users_me_tfa_generate`, `users_me_tfa_enable`, `users_me_tfa_disable`, and `utils_cache_clear`. Setting your own list overrides these.