Ref T12907. At least part of the problem is that we can hit PHP's max_execution_time limit on the file download pathway.
We don't currently set this to anything in the application itself, but PHP often sets it to 30s by default (and we have it set to 30s in production).
When writing responses, remove this limit. This limit is mostly a protection against accidental loops/recurison/etc., not a process slot protection. It doesn't really protect process slots anyway, since it doesn't start counting until the request starts executing, so you can (by default) send the request as slowly as you want without hitting this limit.
By releasing the limit this late, hopefully all the loops and recursion issues have already been caught and we're left with mostly smooth sailing.
We already remove this limit when sending git clone responses in DiffusionServeController and nothing has blown up. This affects git clone http:// and similar.
(I may have had this turned off locally and/or just be too impatient to wait 30s, which is why I haven't caught this previously.)