11

I created a Node.js based web application, running in an Azure Web App, that I wanted to put behind an Azure Active Directory authentication. After activating "App Service Authentication", the login process works normally, however upon returning to my app, it just returns a HTTP 431 "Request Header Fields Too Large".

To validate it's not my app, I checked the Azure web app sample for Node.js and even this returns a 431 when activating AAD.

Steps to reproduce:

  • Create new Azure resource -> Web App
    • Select any Node based runtime stack, for example Node 12 LTS
    • Select any OS
    • Create the web app and wait for deployment to finish
  • Create a simple web app
  • In the web app settings, go to "Authentication / Authorization"
    • Turn "App Service Authentication" to "On"
    • Select Azure Active Directory
    • Select Express Management Mode and create a new Azure AD App in the process
    • As "Action to take when request is not authenticated" select "Log in with Azure AD"
    • Confirm

Result: When opening the web app URL with a browser, it will show the log in process, following the process everything seems to work fine and the AAD returns to the application, however at that point it returns a HTTP 431.

Further tests:

  • Deactivate the authentication and everything works fine again
  • Upload a simple .html file instead of a Node app works fine with authentication enabled
  • Tested with restify and http

Any ideas? Am I missing something?

Dirk Songür
  • 385
  • 2
  • 10

1 Answers1

15

This is a known issue since there is limitation with more recent versions of node that utilize a hard cap of 8KB for headers. EasyAuth adds some very large headers to the request, which can cause the node container to reject the request made by the middleware container with a 400. Read more about it here:   This can be mitigated by setting the app setting WEBSITE_AUTH_DISABLE_IDENTITY_FLOW to true. This will remove one of the largest headers we add to the request. This header is generally only used by .NET Framework and Azure Functions apps, and so this setting should be safe.

If the issue still occurs, you can try with NodeJS 12 versions or increase the header size parameter: node server.js --max-http-header-size 81000

Bryan Trach-MSFT
  • 765
  • 1
  • 5
  • 9
  • 1
    Hi Bryan, thank s for the answer! That seems to be the issue. I'll try your setting and report back. Would you mind adding the link you hinted at, please? Funny enough the issue doesn't come up on West EU location servers, only on US based ones. Are we using different (sized) headers for those? – Dirk Songür Apr 09 '20 at 08:09
  • 2
    Adding "WEBSITE_AUTH_DISABLE_IDENTITY_FLOW" = "true" to Configuration -> Application Settings did the trick - thank you very much! – Dirk Songür Apr 09 '20 at 08:24
  • Dirk, I'm glad this helped you. This URL that I forgot to hyper link is here: https://github.com/nodejs/node/issues/24693 – Bryan Trach-MSFT Apr 12 '20 at 09:13
  • simply switching to NodeJS v14 seemed to do the trick for me. I am unsure if that is due to a NodeJS v14 change or a setting in Azure App Service for NodeJS v14 – pcnate Jun 16 '21 at 19:07