We should guard clients against attacks and set a default max block/chunk size at the retrieval layer.
Fixing @helia/http to prevent endless downloads sounds better approach - once the block is in the blockstore it's too late.
It should check the content-length header before continuing the download of a block (if present) but it should also count the downloaded bytes in case the header is a lie.
Originally posted by @achingbrain in ipfs/helia-verified-fetch#188 (comment)
We should guard clients against attacks and set a default max block/chunk size at the retrieval layer.