You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have an ASP.NET 9.0 service that is running in a Windows container. One of my clients is sending me an Authorization header line in their HTTP request that is over 8k in size. This is causing Kestrel to send back an HTTP 431 "Request Header Fields Too Large".
This is not a max-header size issue. I'm under the max, I just have one field that is longer than 8k.
I've tried changing the following:
options.Limits.MaxRequestLineSize = 32 * 1024;
options.Limits.MaxRequestHeadersTotalSize = 64 * 1024;
but neither are changing the 8k max I'm seeing for the single header field. Given the docs I didn't expect either of them to, but I wanted to test it to make sure. I also took a quick look at the code, and didn't see any obvious way to change the limit. It looks like it should just read into the remaining total buffer, but there is definitely a per-line limit I can see by ad-hoc testing.
Is there any way to increase the allowable line length for HTTP/1.1 Request fields? If not, a definitive "No" would be a great answer as well.
(Yes, I am aware that this is a question that indicates a likely error on our client and not a Kestrel bug, but it's an issue I'm hitting with one of my clients nonetheless. I'm working with them to see if they are sending extraneous data in the field, but until they figure it out my service will likely keep throwing 431s with their packets.)
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
I have an ASP.NET 9.0 service that is running in a Windows container. One of my clients is sending me an
Authorizationheader line in their HTTP request that is over 8k in size. This is causing Kestrel to send back an HTTP 431 "Request Header Fields Too Large".This is not a max-header size issue. I'm under the max, I just have one field that is longer than 8k.
I've tried changing the following:
options.Limits.MaxRequestLineSize = 32 * 1024;
options.Limits.MaxRequestHeadersTotalSize = 64 * 1024;
but neither are changing the 8k max I'm seeing for the single header field. Given the docs I didn't expect either of them to, but I wanted to test it to make sure. I also took a quick look at the code, and didn't see any obvious way to change the limit. It looks like it should just read into the remaining total buffer, but there is definitely a per-line limit I can see by ad-hoc testing.
Is there any way to increase the allowable line length for HTTP/1.1 Request fields? If not, a definitive "No" would be a great answer as well.
(Yes, I am aware that this is a question that indicates a likely error on our client and not a Kestrel bug, but it's an issue I'm hitting with one of my clients nonetheless. I'm working with them to see if they are sending extraneous data in the field, but until they figure it out my service will likely keep throwing 431s with their packets.)
Thanks,
Brian
Beta Was this translation helpful? Give feedback.
All reactions