Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Cannot set large headers #169

Open
calderonth opened this issue Jun 19, 2024 · 0 comments
Open

[BUG] Cannot set large headers #169

calderonth opened this issue Jun 19, 2024 · 0 comments
Assignees
@Ealenn
Labels
bug Something isn't working

Comments

@calderonth
Copy link

Describe the bug
When a client sends a large enough HTTP header the echoserver will not process the request and return a 431 status.
By default the node version used will only accepts headers up to 16kB.

To Reproduce
Send a request with HTTP headers > 16kB.

import requests

def test_large_headers(url, start_size_kb=1, step_kb=1, max_attempts=100):
    size_kb = start_size_kb
    attempt = 0

    while attempt < max_attempts:
        header_value = 'a' * (size_kb * 1024)
        headers = {'X-Test-Header': header_value}

        try:
            response = requests.get(url, headers=headers)
            print(f"Attempt {attempt + 1}: Header size {size_kb} KB - Status code {response.status_code}")

            if response.status_code == 431:
                print(f"Received 431 error with header size {size_kb} KB")
                break

            size_kb += step_kb
            attempt += 1

        except requests.exceptions.RequestException as e:
            print(f"Request failed: {e}")
            break

    return size_kb - step_kb

if __name__ == "__main__":
    test_url = "http://example.com"  # Replace with the actual URL of the remote HTTP service
    max_header_size_kb = test_large_headers(test_url)
    print(f"The maximum header size the service can handle is approximately {max_header_size_kb} KB")

And running against:

Attempt 1: Header size 1 KB - Status code 200
Attempt 2: Header size 2 KB - Status code 200
Attempt 3: Header size 3 KB - Status code 200
Attempt 4: Header size 4 KB - Status code 200
Attempt 5: Header size 5 KB - Status code 200
Attempt 6: Header size 6 KB - Status code 200
Attempt 7: Header size 7 KB - Status code 200
Attempt 8: Header size 8 KB - Status code 200
Attempt 9: Header size 9 KB - Status code 200
Attempt 10: Header size 10 KB - Status code 200
Attempt 11: Header size 11 KB - Status code 200
Attempt 12: Header size 12 KB - Status code 200
Attempt 13: Header size 13 KB - Status code 200
Attempt 14: Header size 14 KB - Status code 200
Attempt 15: Header size 15 KB - Status code 200
Attempt 16: Header size 16 KB - Status code 431
Received 431 error with header size 16 KB
The maximum header size the service can handle is approximately 15 KB

Expected behavior
It would be helpful to increase the limit or make this configurable via an environment variable.
node can be set to specific values such as --max-http-header-size.

Additional context
Authenticating proxies that send user profile/group information easily exceed the 8kB length.
@calderonth calderonth added the bug Something isn't working label Jun 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Ealenn Ealenn

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@calderonth @Ealenn