0

I am making a request to an ordinary express.js server where it's supposed to parse the param that looks like this:

app.get('/:param', function(req, res) {
  // do something
})

This works for 99% of the ordinary cases, but when I try to pass a very long parameter (about 10,000 characters) it fails with 400 Error.

The server doesn't give any other details than just 400 error and I've looked all over the internet but while there does exist a limit to the URL length, that's way above 10,000 and I don't think that's the reason.

Again, shorter urls work just fine with exactly the same code. It's long urls that fail. So my question is:

  1. Am I mistaken about the limits and this is not supposed to be poossible?
  2. How can I debug this situation? All I get is 400 error.
Vlad
  • 8,038
  • 14
  • 60
  • 92

1 Answers1

0

Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. That is a compile-time constant, you would have to use a custom-compiled version of Node to set that constant larger.

celicoo
  • 1,100
  • 8
  • 18
  • This highly-upvoted answer: https://stackoverflow.com/a/1097727/1072150, clarifies things a bit. 8K is a common limit, but different web severs have different limits and in some cases it appears to be a configurable value. – EJK Jan 10 '19 at 02:57
  • Yes, I'm not sure how they decided that though. You can see on this [issue](https://github.com/nodejs/node/issues/24692) a discussion about making the value configurable. – celicoo Jan 10 '19 at 02:58
  • 1
    I think its 80KB, not 8KB https://stackoverflow.com/questions/32763165/node-js-http-get-url-length-limitation - Also, this same URL works on another server with identical spec with identical code. I have no idea how to debug this.. – Vlad Jan 10 '19 at 03:49
  • There is no way to debug this, as I said yesterday, it is a compile-time constant, you can only change or remove it by changing the C++ code and compile it again. – celicoo Jan 10 '19 at 12:53
  • yes, also referencing this answer (https://stackoverflow.com/a/32763588), limit seems to be `80kb` and `8kb` on very latest node versions, would be interested to know definite answer. several answers seems to reference this bit of code, that shows limit as `(80*1024)`: https://github.com/nodejs/http-parser/blob/master/http_parser.h#L55 – user1063287 Jul 22 '19 at 08:32