[gateway] Default max_header size for the gateway is not configurable #2037
The default max_header size is 8192 bytes for the gateway, but it is not configurable at the current version.
Expect that one could adjust the max_header_size to increase or decrease the default. This could be adjusted through the management API/UI or the gravitee.yml.
Also expect that if this did occur, that there would be an entry in the access.log or the gravitee.log and that the X-Gravitee-Transaction-Id would be added to the response.
The max_header is not configurable. This is an issue when sending requests with header sizes greater than 8192 bytes, which can occur with abnormally large cookies or JWT tokens as well as other large items in the header.
There is also no corresponding log in the access.log or gravitee.log or in the analytics section of the management UI. No X-Gravitee-Transaction-Id is added to the response to indicate that the request made it to the gravitee gateway.
Create a policy to adjust this setting in the API/UI or allow this to be set globally via the gravitee.yml.
Also adjust the code such that if a request comes in with a header size > max_header, ensure that a log is written to inform the client what has occurred.
Steps to Reproduce (for bugs)
Clients of our service are unable to submit requests when using large JWTs combined with large cookies. Large cookies and large JWTs are bad practice, and should be avoided at all costs. However, adding the flexibility to Gravitee.io would still be beneficial for edge cases.
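
A client-side way to see which headers push a request past the 8192-byte default described in this issue, as an added example that is not part of the original report and not Gravitee code. It assumes the limit is compared against the combined bytes of all header lines (the gateway's exact accounting may differ); the host name, token and cookie are constructed sample data.

```python
import base64
import json

MAX_HEADER_SIZE = 8192  # default gateway limit reported in this issue


def header_line_size(name, value):
    """Bytes one header occupies on the wire: 'Name: value' plus CRLF."""
    return len(f"{name}: {value}\r\n".encode("latin-1"))


def header_budget(headers, limit=MAX_HEADER_SIZE):
    """Return total header bytes, whether the limit is exceeded,
    and per-header sizes sorted largest first."""
    sizes = sorted(
        ((name, header_line_size(name, value)) for name, value in headers),
        key=lambda item: item[1],
        reverse=True,
    )
    total = sum(size for _, size in sizes)
    return {"total": total, "limit": limit, "exceeds": total > limit, "sizes": sizes}


def constructed_jwt(claim_bytes):
    """Build a JWT-shaped string with a claim of the given size (sample data, fake signature)."""
    def b64(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "HS256"}), b64({"roles": "r" * claim_bytes}), "sig"])


def sample_request():
    """Constructed request: a large bearer token combined with a large cookie."""
    return [
        ("Host", "api.example.test"),
        ("Accept", "application/json"),
        ("Authorization", "Bearer " + constructed_jwt(3000)),
        ("Cookie", "session=" + "c" * 4500),
    ]


if __name__ == "__main__":
    report = header_budget(sample_request())
    print(f"total={report['total']} limit={report['limit']} exceeds={report['exceeds']}")
    for name, size in report["sizes"]:
        print(f"{size:6d}  {name}")
```

In the sample, neither the token nor the cookie exceeds the limit alone; only their combination does, which is the situation the report describes.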