
I have been troubleshooting an error on my web app and have concluded that Chrome is failing to handle my HTTP request when my headers get too large.

Why are my headers large?

I am using a JWT authorization scheme that includes permissions in the JWT token. With my admin account that token is growing as I have permissions for each tenant. The JWT is currently around 5200 characters.

Why do I blame Chrome?

I have tested the identical request in several environments:

  • Swagger: fails with TypeError: Failed to fetch
  • Postman Chrome Extension: fails with Could not get any response
  • Postman Native App: Succeeds
  • Python script using requests: Succeeds
  • curl: Succeeds

For each test I have the same headers, URL, and body (none because it is a GET).

Notes

  • While researching this, I came across this SO Question which suggests that Chrome is limited to 250KB headers. Mine are under 6k.
  • If I use a smaller Authorization header, then Swagger and the Postman Chrome Extension both succeed.

Bottom line:

  1. Can we confirm my conclusion that Chrome is having trouble with the larger header?
  2. What can I do about that?
Eric Grunzke

1 Answer


My line of thought:
Chrome fails because it uses HTTP/2.
Postman native uses HTTP/1, which is why it works. Curl fails for me (and works if using --http1.1).

I'm still investigating, but this seems to be a server-side issue about maximum header size. For example, the http2_max_header_size config (in old nginx). Nowadays it's large_client_header_buffers, or a similar config in Kubernetes, load balancers, etc.

corbacho
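
The size check behind the question and the answer, as an added example that is not part of either post: it builds a constructed JWT with per-tenant permissions, measures the Authorization header line, ranks which claim takes the space, and compares the result against header limits. The limit values, the claim layout and all function names are assumptions; substitute the limits your own proxy or server is configured with.

```python
import base64, hashlib, hmac, json

# Assumed sample limits in bytes; replace with your proxy/server settings.
LIMITS = {"4k limit (assumed)": 4096, "8k limit (assumed)": 8192}

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(tenants: int, key: bytes = b"constructed-demo-key") -> str:
    """Constructed HS256 JWT carrying one permission list per tenant."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": "admin", "permissions": {
        f"tenant-{i:04d}": ["read", "write", "admin"] for i in range(tenants)}}
    body = b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def header_line_bytes(token: str) -> int:
    """Size of the Authorization line as written on an HTTP/1.1 wire."""
    return len(f"Authorization: Bearer {token}\r\n".encode())

def claim_sizes(token: str) -> list:
    """Rank claims by serialized size (payload decoded for sizing only,
    the signature is not verified here)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    sizes = [(k, len(json.dumps(v, separators=(",", ":")))) for k, v in claims.items()]
    return sorted(sizes, key=lambda kv: kv[1], reverse=True)

def exceeded(token: str, limits: dict = LIMITS) -> list:
    """Names of the limits that this token's header line is larger than."""
    size = header_line_bytes(token)
    return [name for name, limit in limits.items() if size > limit]

def max_tenants(limit: int) -> int:
    """Largest tenant count whose token still fits under `limit` bytes."""
    n = 0
    while header_line_bytes(make_token(n + 1)) <= limit:
        n += 1
    return n

if __name__ == "__main__":
    token = make_token(100)
    print(header_line_bytes(token), claim_sizes(token)[0], exceeded(token))
    print("tenants that fit under 4096 bytes:", max_tenants(4096))
```

Running the same measurement on a real token shows how much headroom is left before the next tenant's permissions push the header past the smallest limit on the request path.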