Background
For server-to-server communication we are hashing request/response payloads with a shared key and storing the hash in an HTTP header.
Issue
We are running into an issue with a controller returning a large payload (base64 string of a pdf doc) and the http header containing the hash is not being written to the response. This appears to be due to exceeding the size limit of 8KB (8192). See this post for more information on the size limit for Tomcat 7: Is there a practical HTTP Header length limit?
Solution Tried
- I tried setting the following Tomcat settings, which did not have an effect:
  maxHttpHeaderSize="16384" maxTrailerSize="-1" maxExtensionSize="-1" socket.appReadBufSize="16384" socket.appWriteBufSize="16384" bufferSize="16384"
- If I set the response buffer size to something greater than 8192 in the controller, I do see the hash value HTTP header written to the response. The problem with this solution is that the response buffer size is set for subsequent responses that use the same thread. If you try to set the buffer size back to 8192 you will get an exception: "Cannot change buffer size after data has been written"
class TestController {
    def index() {
        // Raise the response buffer above 8192 bytes
        response.setBufferSize( 9216 )
        // One byte more than 8192
        def size = 8193
        render "A" * size
    }
}
System Information
Grails 2.5.2
Tomcat 7
Java 1.8 Build 66
Windows 7 Enterprise 64 bit
https://tomcat.apache.org/tomcat-7.0-doc/config/http.html
Questions
- Has anyone been able to use the tomcat settings in server.xml to solve this problem?
- Is there a point in the request life cycle that the response buffer size can be returned to the default size?
- Should I worry about setting the buffer size back? Does the buffer size affect memory consumption?
asked Nov 24, 2015 at 14:32
3
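An added example, not part of the original question: a simplified Python model of a servlet-style buffered response, where headers set after the response has committed are ignored. It shows why a hash header set after an 8193-byte body never reaches the client, while the same header set before the body does. HMAC-SHA256, the header name X-Payload-Hash, and the premise that the hash header is added after the body is rendered are assumptions made for this illustration.

```python
import hashlib
import hmac

BUFFER_SIZE = 8192                 # response buffer size named in the question
HASH_HEADER = "X-Payload-Hash"     # hypothetical header name


class BufferedResponse:
    """Simplified model: the header block is sent when the response commits,
    and the response commits as soon as the body overflows the buffer."""

    def __init__(self, buffer_size=BUFFER_SIZE):
        self.buffer_size = buffer_size
        self.headers = {}           # headers collected so far
        self.sent_headers = None    # snapshot of what went on the wire
        self._buffer = bytearray()
        self.wire_body = bytearray()

    @property
    def committed(self):
        return self.sent_headers is not None

    def set_header(self, name, value):
        if self.committed:
            return False            # too late: silently ignored
        self.headers[name] = value
        return True

    def write(self, data):
        self._buffer += data
        if len(self._buffer) > self.buffer_size:
            self.flush()

    def flush(self):
        if not self.committed:
            self.sent_headers = dict(self.headers)
        self.wire_body += self._buffer
        self._buffer.clear()


def sign(key, payload):
    """Keyed hash of the payload; always 64 hex characters, whatever the payload size."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def respond_hash_after_body(key, payload, buffer_size=BUFFER_SIZE):
    """Failing order: body first, hash header afterwards."""
    resp = BufferedResponse(buffer_size)
    resp.write(payload)
    resp.set_header(HASH_HEADER, sign(key, payload))
    resp.flush()
    return resp


def respond_hash_before_body(key, payload, buffer_size=BUFFER_SIZE):
    """Working order: compute the hash, set the header, then write the body."""
    resp = BufferedResponse(buffer_size)
    resp.set_header(HASH_HEADER, sign(key, payload))
    resp.write(payload)
    resp.flush()
    return resp


def verify(key, resp):
    """Receiver side: reject a missing header, compare in constant time."""
    sent = resp.sent_headers.get(HASH_HEADER)
    if sent is None:
        return False
    return hmac.compare_digest(sent, sign(key, bytes(resp.wire_body)))


if __name__ == "__main__":
    key = b"constructed-shared-key"     # constructed sample key
    for size in (100, 8193):
        payload = b"A" * size
        print(size, "after body:", verify(key, respond_hash_after_body(key, payload)),
              "before body:", verify(key, respond_hash_before_body(key, payload)))
```

In this model the limit that matters is the body buffer, not the size of the header itself, which is why raising the buffer to 9216 bytes also makes the late header appear.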
[VERBOSE-2:ui_dart_state.cc(157)] Unhandled Exception: Header value exceeds the 8192 size limit
#0 IOClient.send (package:http/src/io_client.dart:62:7)
<asynchronous suspension>
#1 BaseClient._sendUnstreamed (package:http/src/base_client.dart:176:38)
#2 BaseClient.post (package:http/src/base_client.dart:58:7)
#3 post.<anonymous closure> (package:http/http.dart:70:16)
#4 _withClient (package:http/http.dart:166:20)
#5 post (package:http/http.dart:69:5)
#6 UserAuthenticationService.authenticate (package:halivent/models/user_authentication_service.dart:143:36)
[✓] Flutter (Channel stable, v1.17.0, on Mac OS X 10.15.4 19E287, locale en-US)
• Flutter version 1.17.0 at /Users/kentaki/apps/flutter
• Framework revision e6b34c2b5c (5 days ago), 2020-05-02 11:39:18 -0700
• Engine revision 540786dd51
• Dart version 2.8.1
[✓] Android toolchain - develop for Android devices (Android SDK version 28.0.3)
• Android SDK at /Users/kentaki/Library/Android/sdk
• Platform android-29, build-tools 28.0.3
• ANDROID_HOME = /Users/kentaki/Library/Android/sdk
• Java binary at: /Applications/Android Studio.app/Contents/jre/jdk/Contents/Home/bin/java
• Java version OpenJDK Runtime Environment (build 1.8.0_202-release-1483-b49-5587405)
• All Android licenses accepted.
[✓] Xcode - develop for iOS and macOS (Xcode 11.1)
• Xcode at /Applications/Xcode.app/Contents/Developer
• Xcode 11.1, Build version 11A1027
• CocoaPods version 1.8.4
[✓] Android Studio (version 3.5)
• Android Studio at /Applications/Android Studio.app/Contents
• Flutter plugin version 41.1.2
• Dart plugin version 191.8593
• Java version OpenJDK Runtime Environment (build 1.8.0_202-release-1483-b49-5587405)
[!] IntelliJ IDEA Ultimate Edition (version 2018.3)
• IntelliJ at /Applications/IntelliJ IDEA.app
✗ Flutter plugin not installed; this adds Flutter specific functionality.
✗ Dart plugin not installed; this adds Dart specific functionality.
• For information about installing plugins, see
https://flutter.dev/intellij-setup/#installing-the-plugins
[!] VS Code (version 1.44.2)
• VS Code at /Applications/Visual Studio Code.app/Contents
✗ Flutter extension not installed; install from
https://marketplace.visualstudio.com/items?itemName=Dart-Code.flutter
[✓] Connected device (2 available)
• Nexus 6P • 84B7N17317001023 • android-arm64 • Android 8.1.0 (API 27)
• iPhone 11 Pro • B61F2464-E302-467D-9DE3-08DAA65E9E27 • ios • com.apple.CoreSimulator.SimRuntime.iOS-13-1 (simulator)
! Doctor found issues in 2 categories.
Question:
An error occurs when Webflux uploads a file:
14:32:24.628 [61667d78915db10adaa025b4da32871f/daa025b4da32871f] [reactor-http-epoll-4] ERROR o.s.w.s.a.HttpWebHandlerAdapter - [7161d1a8-33] 500 Server Error for HTTP POST "/api/XXXXX/XXXXX"
org.springframework.core.io.buffer.DataBufferLimitException: Part headers exceeded the memory usage limit of 8192 bytes
at org.springframework.http.codec.multipart.MultipartParser$HeadersState.onNext(MultipartParser.java:360)
Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
Error has been observed at the following site(s):
|_ checkpoint ⇢ org.springframework.security.web.server.authentication.logout.LogoutWebFilter [DefaultWebFilterChain]
|_ checkpoint ⇢ org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter [DefaultWebFilterChain]
|_ checkpoint ⇢ org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter [DefaultWebFilterChain]
|_ checkpoint ⇢ org.springframework.security.web.server.authentication.AuthenticationWebFilter [DefaultWebFilterChain]
|_ checkpoint ⇢ org.springframework.security.web.server.authentication.AuthenticationWebFilter [DefaultWebFilterChain]
|_ checkpoint ⇢ org.springframework.security.web.server.context.ReactorContextWebFilter [DefaultWebFilterChain]
|_ checkpoint ⇢ org.springframework.security.web.server.header.HttpHeaderWriterWebFilter [DefaultWebFilterChain]
|_ checkpoint ⇢ org.springframework.security.config.web.server.ServerHttpSecurity$ServerWebExchangeReactorContextWebFilter [DefaultWebFilterChain]
|_ checkpoint ⇢ org.springframework.security.web.server.WebFilterChainProxy [DefaultWebFilterChain]
|_ checkpoint ⇢ org.springframework.cloud.sleuth.instrument.web.TraceWebFilter [DefaultWebFilterChain]
|_ checkpoint ⇢ org.springframework.boot.actuate.metrics.web.reactive.server.MetricsWebFilter [DefaultWebFilterChain]
|_ checkpoint ⇢ HTTP POST "/api/iot/notice/add" [ExceptionHandlingWebHandler]
Stack trace:
at org.springframework.http.codec.multipart.MultipartParser$HeadersState.onNext(MultipartParser.java:360)
at org.springframework.http.codec.multipart.MultipartParser.hookOnNext(MultipartParser.java:104)
at org.springframework.http.codec.multipart.MultipartParser.hookOnNext(MultipartParser.java:46)
at reactor.core.publisher.BaseSubscriber.onNext(BaseSubscriber.java:160)
at org.springframework.cloud.sleuth.instrument.reactor.ScopePassingSpanSubscriber.onNext(ScopePassingSpanSubscriber.java:90)
at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:120)
at org.springframework.cloud.sleuth.instrument.reactor.ScopePassingSpanSubscriber.onNext(ScopePassingSpanSubscriber.java:90)
at reactor.core.publisher.FluxPeek$PeekSubscriber.onNext(FluxPeek.java:199)
at org.springframework.cloud.sleuth.instrument.reactor.ScopePassingSpanSubscriber.onNext(ScopePassingSpanSubscriber.java:90)
at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:120)
at reactor.netty.channel.FluxReceive.drainReceiver(FluxReceive.java:265)
at reactor.netty.channel.FluxReceive.onInboundNext(FluxReceive.java:371)
at reactor.netty.channel.ChannelOperations.onInboundNext(ChannelOperations.java:381)
at reactor.netty.http.server.HttpServerOperations.onInboundNext(HttpServerOperations.java:535)
at reactor.netty.channel.ChannelOperationsHandler.channelRead(ChannelOperationsHandler.java:94)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at reactor.netty.http.server.HttpTrafficHandler.channelRead(HttpTrafficHandler.java:252)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:436)
at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:324)
at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:311)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:432)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
at io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:251)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795)
at io.netty.channel.epoll.AbstractEpollChannel$AbstractEpollUnsafe$1.run(AbstractEpollChannel.java:388)
at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164)
at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472)
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:384)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:882)
Reason:
Only files of at most 8 KB can be uploaded; this upload exceeds that limit, so it fails.
Solution:
Method I (not effective):
Setting max-in-memory-size directly is supposed to take effect:
spring:
  codec:
    max-in-memory-size: 100MB
However, the configuration above does not take effect in Spring 2.x.x. The maintainers say the issue has been fixed, presumably in a later version, but this project is already in production and changing the version is not an option, so another way is needed. Debugging during startup showed that the value was set to 262144 during initialization.
Method II:
In a configuration class that implements WebFluxConfigurer, override configureHttpMessageCodecs to configure the multipart reader. An example follows:
import org.springframework.context.annotation.Configuration;
import org.springframework.http.codec.ServerCodecConfigurer;
import org.springframework.http.codec.multipart.DefaultPartHttpMessageReader;
import org.springframework.http.codec.multipart.MultipartHttpMessageReader;
import org.springframework.web.reactive.config.WebFluxConfigurer;

@Configuration
public class WebConfig implements WebFluxConfigurer {

    @Override
    public void configureHttpMessageCodecs(ServerCodecConfigurer configurer) {
        DefaultPartHttpMessageReader partReader = new DefaultPartHttpMessageReader();
        // Per-part header limit: 100 MiB here; the default is 8 KiB
        partReader.setMaxHeadersSize(100*1024*1024);
        partReader.setEnableLoggingRequestDetails(true);
        // Wrap the part reader and register it as the multipart reader
        MultipartHttpMessageReader multipartReader = new MultipartHttpMessageReader(partReader);
        multipartReader.setEnableLoggingRequestDetails(true);
        configurer.defaultCodecs().multipartReader(multipartReader);
    }
}
Done!
Published: January 24, 2017
A while back I published a post about HTTP request header size limits. At the time, I had just finished remediating an issue where requests were being blocked by a WAF for exceeding the “max header size” policy.
Recently, I’ve been dealing with a similar, but slightly different issue…requests failing due to the size of the response headers. Here, I’ll document my findings on this issue…
Who Imposes These Limits
CDNs
The party complaining about large HTTP response headers for the issue I was working was Akamai, a popular edge caching solution. Per this forum post, if the origin serves a response with more than 8192 bytes of headers, Akamai will serve a 502 to the client. The official documentation regarding this limitation is only available when logging in to their portal. This limitation is not handled particularly gracefully by Akamai and the result is a WSoD with no error message.
Servers
Some servers, notably Tomcat, impose their own set of limits on response header size. Tomcat allows you to tweak the configuration of the maxHttpHeaderSize attribute; however, it defaults to 8192 bytes…
maxHttpHeaderSize: The maximum size of the request and response HTTP header, specified in bytes. If not specified, this attribute is set to 8192 (8 KB).
https://tomcat.apache.org/tomcat-8.0-doc/config/http.html#Standard_Implementation
Hosting Companies
Heroku is an example of a hosting company which imposes restrictions on HTTP response headers. Their docs state a limit of 8192 bytes for response cookies, for example, citing CDN restrictions…
Cookies are explicitly restricted to 8192 bytes. This is to protect against common restrictions (for example, imposed by CDNs) that rarely accept larger cookie values. In such cases, a developer could accidentally set large cookies, which would be submitted back to the user, who would then see all of his or her requests denied.
https://devcenter.heroku.com/articles/http-routing#http-validation-and-restrictions
Other Parts of the Stack
All sorts of other parts of the technology stack may also impose these types of limits.
Based on a quick scan of a Google search for “http response header size limit 8192” it seems the following all impose limitations on HTTP response header size (which are typically configurable).
- Elasticsearch
- Play framework
- HAProxy
When Would One Run Into These Limitations
One is likely to run into these limits when using cookies to track some attribute of a visitor that has no upper limit. For example, imagine an e-commerce application stored the contents of a visitor's shopping cart in a cookie. This would be problematic because, once a user's shopping cart exceeds a certain amount, the size of the Set-Cookie header containing the contents of the cart would exceed the HTTP response header size limit.
What To Do
When contemplating using a cookie to store some piece of information it is important to consider whether that information has an upper bound. If it does not, cookies are a dangerous choice. A good alternative is to use local storage to store the data on the user’s browser so that it does not need to be transferred back and forth over HTTP.
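One way to catch this at the origin, as an added example that is not from the original post: a WSGI middleware that measures the response header block against the 8192-byte limit cited above, records a warning as a response approaches it, and fails with an explicit error once it is exceeded. The middleware, the sample cart application, the 75% warning threshold and the choice to count the status line are assumptions made for this illustration.

```python
HEADER_LIMIT = 8192  # bytes; the response-header limit cited in the post


def header_block_size(status, headers):
    """Bytes the status line, header lines and closing blank line occupy in an
    HTTP/1.1 response. Counting the status line is an assumption; an
    intermediary may count slightly differently."""
    size = len(f"HTTP/1.1 {status}\r\n".encode("latin-1"))
    for name, value in headers:
        size += len(f"{name}: {value}\r\n".encode("latin-1"))
    return size + 2


class HeaderBudgetMiddleware:
    """Measures response headers before they leave the origin."""

    def __init__(self, app, limit=HEADER_LIMIT, warn_ratio=0.75):
        self.app = app
        self.limit = limit
        self.warn_at = int(limit * warn_ratio)
        self.events = []  # (level, size, largest header); route to logging in production

    def __call__(self, environ, start_response):
        captured = {}

        def capture(status, headers, exc_info=None):
            captured["status"] = status
            captured["headers"] = list(headers)

        result = self.app(environ, capture)
        try:
            chunks = list(result)  # also forces generator apps to call start_response
        finally:
            if hasattr(result, "close"):
                result.close()

        status, headers = captured["status"], captured["headers"]
        size = header_block_size(status, headers)
        largest = max(headers, key=lambda h: len(h[1]))[0] if headers else ""
        if size > self.limit:
            # Fail here with a readable error instead of letting an
            # intermediary turn the response into a blank 502.
            self.events.append(("over", size, largest))
            msg = b"response headers exceed the configured limit\n"
            start_response("500 Internal Server Error",
                           [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(msg)))])
            return [msg]
        if size > self.warn_at:
            self.events.append(("warn", size, largest))
        start_response(status, headers)
        return chunks


def cart_app(environ, start_response):
    """Constructed sample app that keeps the whole cart in a cookie,
    the unbounded pattern the post warns about."""
    items = environ.get("demo.cart_items", [])
    cookie = "cart=" + "|".join(items) + "; Path=/; HttpOnly"
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Set-Cookie", cookie)])
    return [b"ok\n"]


def call(app, environ):
    """Run one WSGI request and return (status, headers, body)."""
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, headers

    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body


def cart(n):
    """Constructed cart contents: n items of 11 characters each."""
    return {"demo.cart_items": [f"sku-{i:05d}:1" for i in range(n)]}


if __name__ == "__main__":
    guarded = HeaderBudgetMiddleware(cart_app)
    for n in (10, 600, 1000):
        status, _, _ = call(guarded, cart(n))
        print(n, "items ->", status)
    print(guarded.events)
```

The "warn" events are the useful signal in practice: they show which header is growing before any response is actually rejected.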
Conclusion
If you have any questions or comments, feel free to drop a note below, or, as always, you can reach me on Twitter as well.
I have an Android application that sends JSON data to a PHP web service running on a WAMP server.
When I send many records via JSON, I get this error:
"Bad Request
Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit."
I changed the configuration in php.ini, for example
upload_max_file_size to 64M and also upload_max_filesize to 64M
How can I solve this, please?
0
Solution
This is because your HTTP web service (Apache?) does not allow requests with data exceeding the LimitRequestFieldSize parameter (8190 bytes by default).
It looks like one of your JSON requests is too large, or the total size of the cookies is too large, and the web service blocks it.
By the way, increasing LimitRequestFieldSize is not a very good idea because of the risk of DoS attacks.
Try to minimize / clear the cookies or simplify the JSON request.
3
Other solutions
Try setting the LimitRequestFieldSize parameter in httpd.conf or in the .htaccess file.
Usage here: Apache Docs
1
If you need to transfer large data (for example, between APIs with JSON as in your case), then instead of using a GET request and placing the data in the headers, use a POST request and send the data in the body.
With POST you can still use headers for verification tokens or small data, but again, send large JSON data that does not fit in the headers in the POST body.
Here is a complete system for sending JSON data with PHP:
### Sender PHP Side:
# Core function that sends big data with POST:
function curl_post($url, $header, $data){
    $CURL = curl_init();
    curl_setopt($CURL, CURLOPT_URL, $url);
    curl_setopt($CURL, CURLOPT_POST, TRUE);
    curl_setopt($CURL, CURLOPT_HTTPHEADER, $header);
    curl_setopt($CURL, CURLOPT_POSTFIELDS, $data);
    curl_setopt($CURL, CURLOPT_RETURNTRANSFER, TRUE);
    $result = curl_exec($CURL);
    $http_code = curl_getinfo($CURL, CURLINFO_HTTP_CODE);
    curl_close($CURL);
    return array($http_code, $result);
}
# Prepare your data and send:
$url = "https://example.com/api.php";
$header = array(
    # The body is JSON, so declare it as such
    "Content-Type: application/json",
    "verify: <your fixed code to verify the request is legit>",
    "anything: <you can send anything with headers here but the text you send should be SMALL>");
list($http_code, $result) = curl_post($url, $header, json_encode($your_big_data));
echo "http_code: $http_code<br>result: $result";
###########################
### Receiver PHP Side: (api.php in our example)
# Fall back to an empty array when apache_request_headers() is unavailable
$myHeaders = function_exists("apache_request_headers") ? apache_request_headers() : array();
# See the headers you posted from other side:
print_r($myHeaders);
# See the JSON POST body you posted from other side:
echo file_get_contents('php://input');
0
The "Request Header Or Cookie Too Large" error occurs when nginx receives a request header from the browser that is too large, that is, when the size of the request headers exceeds the limit set in the nginx configuration. For example, if your browser sends too many cookies to the server, the request can become quite large and you may get this error.
Solving the problem
To solve the "Request Header Or Cookie Too Large" problem, do the following:
- Close the browser and open it again. Simple as this advice is, in some cases it proves quite effective.
- Temporarily disable your antivirus and firewall to make sure they are not the cause of the problem.
- Scan your computer for viruses; some malicious program may be trying to intercept your traffic.
- Clear your browser's cache and cookies.
If the problem is not on the client side, it is most likely on the server itself.
Three parameters in the nginx configuration, which must be placed in the http section, control the maximum size of a transmitted request:
- client_body_buffer_size: the buffer size for the request body;
- client_header_buffer_size: the buffer size for the request header;
- large_client_header_buffers: the maximum number and size of buffers for reading a large request header.
To eliminate the error, adjust the nginx settings:
http {
    ...
    large_client_header_buffers 4 16k;
    ...
}
We set 4 buffers of 16 KB each (the default is 8 KB or 4 KB).
Then reload nginx with the command: nginx -s reload
However, if Apache is also installed on the server, another error may appear: "Your browser sent a request that this server could not understand. Size of a request header field exceeds server limit." To eliminate it, add the following parameter to the site configuration:
LimitRequestFieldSize 16380
which likewise sets the maximum size of a request that Apache will process.