  1. Red Hat 3scale API Management
  2. THREESCALE-9464

Implement a file size upload limit for CMS API

    • Type: Task
    • Resolution: Unresolved
    • Priority: Major
    • System

      Implement a simple file size limit for CMS API upload. In the future, using separate Jira issues, this could potentially be souped up to include general upload limits, general storage limits, etc., configurable or not for on-prem clients. But those limits are not within the scope of this issue.

      Right now there is no file upload size limit at all, so if an upload takes more than [current unicorn timeout = 40 seconds], the background process is killed and the TCP connection is cut with no error message. Note that the unicorn timeout is a perfectly valid limit and should trump any other implemented limits, whether they are configurable or not.

      Note also that implementing a nice error message for the unicorn timeout is not within the scope of this issue. If that is a requirement, it should be a separate issue.

      Dev suggestion for file size limit is 10Mb. It would also be nice to implement this as a variable upload file size limit, set to 10M for SaaS as mentioned in this comment, which allows on-prem customers to set their own limits. (Support team should be notified about that as well.)

      See description of THREESCALE-361, where some security considerations about uploads were mentioned long ago by engineering.

      Informational - some dev notes about possible future enhancements that are NOT covered in this issue

      • It's possible that the server could be changed from unicorn to puma or something else in the future.
      • Customers may have their own proxy timeout.
      • Configurable timeouts have their own complications and potential syncing with OpenShift.
      • A possible future enhancement could be to enable a "global file size limit per provider", that would be a limit for all files uploaded by the same provider, regardless of each individual file limit.
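
A minimal sketch of the per-request limit described in this issue, as an added example that is not 3scale code: a Rack-style middleware that answers 413 for oversized uploads, first from the declared Content-Length and then by counting the bytes actually read. The class name `UploadSizeLimit` and the `CMS_UPLOAD_MAX_BYTES` setting are hypothetical, and the issue's "10Mb" is read here as 10 * 1024 * 1024 bytes.

```ruby
require "stringio"

# Added example (not 3scale code): caps the request body size for upload routes.
class UploadSizeLimit
  # Assumption: the 10Mb suggested for SaaS means 10 * 1024 * 1024 bytes.
  DEFAULT_LIMIT = 10 * 1024 * 1024

  # CMS_UPLOAD_MAX_BYTES is a hypothetical setting name for on-prem overrides.
  def initialize(app, limit: Integer(ENV.fetch("CMS_UPLOAD_MAX_BYTES", DEFAULT_LIMIT)))
    @app = app
    @limit = limit
  end

  def call(env)
    declared = env["CONTENT_LENGTH"].to_s
    # Fast path: refuse before reading anything when the declared size is too big.
    return too_large if declared.match?(/\A\d+\z/) && declared.to_i > @limit

    # Content-Length may be absent (chunked transfer) or inaccurate,
    # so also count the bytes while buffering the body.
    body = read_capped(env["rack.input"])
    return too_large if body.nil?

    env["rack.input"] = StringIO.new(body)
    @app.call(env)
  end

  private

  # Returns the body, or nil as soon as it grows past the limit.
  def read_capped(io)
    buffer = String.new # binary (ASCII-8BIT) buffer
    return buffer if io.nil?
    while (chunk = io.read(16 * 1024))
      buffer << chunk
      return nil if buffer.bytesize > @limit
    end
    buffer
  end

  def too_large
    message = "Upload exceeds the #{@limit}-byte limit\n"
    [413, { "content-type" => "text/plain", "content-length" => message.bytesize.to_s }, [message]]
  end
end
```

The middleware buffers up to the limit in memory, so it belongs only in front of the upload routes. The unicorn timeout described above still applies independently of this check.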

            Assignee: Unassigned
            Reporter: Catherine Bartlett (cbartlet)