I'm performing a multi-path update to Firebase that results in receiving the undocumented error code 18.
I can perform the multi-path update in smaller chunks, and I receive a successful 200, but when it is all in one, the request fails. Also, I know the request is formed correctly as I've made sure to beware the multi-path update pitfall explained here.
So, what's the deal?
The deal is, quite unexpectedly, that I have the "debug" claim set to true in the Authentication token.
Because the multi-path update tests the security rules at each supplied path, and the “x-firebase-auth-debug” response header contains the results of each security rule, that can lead to a very large header. So large that it causes Firebase to return status code 18, which is the cURL Partial File error.
Now, apparently there is no actual header-size limit defined by HTTP, but most web servers impose some sort of limit for size of headers in and out. If the size is too large, servers should return a “413 Entity Too large”, which Firebase is not doing and is the cause of the issue (I believe).
Removing the "debug" claim from the token and performing the exact same multi-path update results in success.
EDIT:
On other occasions, I've received other cURL errors rather than the expected HTTP response codes - is there a reason that these remain undocumented? (I guess it could be the server that I'm sending requests from, so I'll check there and update later, but I figured I'd ask just in case...)
