-
-
Notifications
You must be signed in to change notification settings - Fork 287
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTTP 431 & Realtime Subscriptions Failing #761
Comments
localhost
Instead of 127.0.0.1
localhost
Instead of 127.0.0.1
Also, if this helps, I know there should not be a difference to using The idea is my app needs to be running on the same URL for Supabase Auth to work, but that URL also needs to work with my external OAuth tool (which restricts me to just |
In my `` logs, I can confirm:
|
localhost
Instead of 127.0.0.1
Additional Context and my best guess of what is going on:
|
Hi @nbarrow-inspire-labs, by default, Phoenix limits the size of the headers to 4KB (reference), which is not a big size if you have several cookies. You will likely reach that limit if several services run on the same domain and the path is not scoping your cookies. If you are working locally on different projects, all those cookies will be stored at Can you share a screenshot of the size of all the cookies you have on the domain you are having trouble with? You can check it in the Chrome DevTools under the application tab |
Maybe you can change the configuration to allow bigger headers in your app. I think you just have to change the # Configures the endpoint
config :realtime, RealtimeWeb.Endpoint,
# ...
http: [
port: System.get_env("PORT", "4000"),
protocol_options: [max_header_value_length: 8192] # <-- this will duplicate the size of the header's limit
] |
@gabrielperales thanks for getting back to me. I think you're right, the size is just larger than the 4kb maximum (see screenshot below). I'm experiencing this issue using the supabase CLI but also the self-hosted docker compose example. Do you know if setting an environment variable will configure |
@gabrielperales would something like this work: #762 |
It worked for you, so yes :). But I would check why those cookies are so big and why you have those two rather than change the configuration. Anyway, I don't see any problem with having the option to overwrite that limit, but first, check what you are storing in those cookies and if everything is needed. If the answer is yes, then you will need to overwrite. You probably store the whole user profile in the cookie session and don't need to do that. |
@gabrielperales I did look at the cookies; there are two of them, both set by Supabase. One seems to be from my auth provider configured through Supabase (Keycloak) and the second seems to be a direct Supabase token. I.e., one is to authenticate between the client and Supabase, and one seems to be for Supabase to refresh itself against my Keycloak instance. |
I've been researching and you are right. It seems like Keycloak cookies are pretty big. https://keycloak.discourse.group/t/keycloak-cookies-are-too-large/15872 I don't know if there is a way to make them smaller, but seems legit to increase the header limit in this case. Let's see what the members of the Supabase team thinks about #762 :) |
) Update runtime.exs to allow a `MAX_HEADER_LENGTH` env variable Solves #761 by introducing an environment variable to override config -> http -> protocol_options -> max_header_value_length or leaves it at the default 4096 if no other value is specified --------- Co-authored-by: Filipe Cabaço <filipe@supabase.io>
PR was merged! thank you @nbarrow-inspire-labs for the contribution 🙏 |
Bug report
Describe the bug
When running Realtime using the latest supabase CLI (1.123.4
), using a web-address oflocalhost
is causing an HTTP 431Request header fields too large
error. However, if I change nothing else but change the browser's url fromlocalhost
to127.0.0.1
then everything works fine.I am now seeing this issue on
127.0.0.1
as well.Update 1
From an incognito browser (no cookies whatsoever) here is the request that is failing:
Here is the response:
Update 2
This looks related to the NGINX instance that runs Kong. Kong has an
nginx_http_client_header_buffer_size
variable (https://legacy-gateway--kongdocs.netlify.app/enterprise/2.4.x/property-reference/?_ga=2.40455847.426939276.1702781538-1754633255.1702781538#nginx_http_client_header_buffer_size). From the NGINX docs, (http://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_buffer_size), the default value os 1k. However, my request above (per Firefox) is aroung 6k.Update 3
Based on this it looks like
KONG_NGINX_HTTP_CLIENT_HEADER_BUFFER_SIZE
needs to be increased for SSR and cookies, as the cookies are much larger than the default1k
request size for Realtime.To Reproduce
127.0.0.1
, and everything works fine127.0.0.1
in the URL tolocalhost
and the websockets failExpected behavior
There should be no functional difference between localhost and
127.0.0.1
Screenshots
System information
macOS 13.3 (22E252)
^2.38.4
v18.17.1
The text was updated successfully, but these errors were encountered: