591b3d2fe3
gin's Run uses a default http.Server with no timeouts, so a client could hold connections open by trickling request headers. Serve via an explicit http.Server with a 10s ReadHeaderTimeout and 120s IdleTimeout. Body read/write remain unbounded so large uploads and downloads still stream.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
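
The server settings this commit message describes, as an added example that is not the commit's own code: it builds the bounded http.Server and measures how long a connection with an unfinished request header is kept, next to a zero-value http.Server. The names newServer and stalledHeaderOutcome, the loopback listener and the shortened timeouts are assumptions chosen so the comparison finishes in a few seconds.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"time"
)

// newServer bounds header read and idle time; ReadTimeout and WriteTimeout stay
// zero so bodies can stream. h may be a *gin.Engine, which is an http.Handler.
func newServer(h http.Handler, headerTimeout time.Duration) *http.Server {
	return &http.Server{
		Handler:           h,
		ReadHeaderTimeout: headerTimeout, // the commit message states 10s
		IdleTimeout:       120 * time.Second,
	}
}

// stalledHeaderOutcome sends an unterminated header block over loopback, then
// waits. It returns how long the connection was held and whether the server
// (rather than the client's own clientWait deadline) ended the wait.
func stalledHeaderOutcome(srv *http.Server, clientWait time.Duration) (time.Duration, bool, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return 0, false, err
	}
	go srv.Serve(ln)
	defer srv.Close()
	conn, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return 0, false, err
	}
	defer conn.Close()
	start := time.Now()
	// Constructed input: no blank line, so the header block never completes.
	fmt.Fprint(conn, "GET / HTTP/1.1\r\nHost: example.test\r\n")
	conn.SetReadDeadline(start.Add(clientWait))
	_, err = conn.Read(make([]byte, 1))
	ne, isNetErr := err.(net.Error) // a timeout here means the client gave up first
	return time.Since(start), !(isNetErr && ne.Timeout()), nil
}

func main() {
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, "ok") })
	held, ended, _ := stalledHeaderOutcome(newServer(ok, 500*time.Millisecond), 3*time.Second)
	fmt.Println("bounded server: held", held.Round(100*time.Millisecond), "server ended:", ended)
	held, ended, _ = stalledHeaderOutcome(&http.Server{Handler: ok}, 1500*time.Millisecond)
	fmt.Println("default server: held", held.Round(100*time.Millisecond), "server ended:", ended)
}
```

With the zero-value server the wait ends only when the client's own deadline fires, which is the condition the commit message describes for gin's Run.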