bug: Request Header Fields Too Large #3930

Open
3 of 5 tasks
tampler opened this issue Jan 16, 2025 · 0 comments
Labels
bug Something is not working.

tampler commented Jan 16, 2025

Preflight checklist

Ory Network Project

No response

Describe the bug

Chromium browser for Ubuntu 24 returns an error: Request Header Fields Too Large for the consent flow POST request ⛔

Presumably, the reason is the cookie size is TOO large 🙄

Attached cookies

  • Login session cookie - mp_sess in my request
  • Consent flow cookie. This is autogenerated and in my case the name is mp_consent_csrf_dev

Reproducing the bug

  1. Set up Kratos and Hydra
  2. Implement login, register and consent flows
  3. Add cookie like this. Golang

     // get consent cookie from headers
     // (browserSession is defined elsewhere in the reporter's code)
     var cookie string

     c.Request().Header.VisitAllCookie(func(_key, value []byte) {
         key := string(_key)

         // keep the session cookie and every cookie whose name contains "consent"
         if strings.Contains(key, "consent") || key == browserSession {
             cookie += fmt.Sprintf("%s=%s;", key, string(value))
         }
     })

Relevant log output

2025-01-16T15:35:46.256+0300    DEBUG   idp     consent cookie  {"cookie": "mp_sess=MTczNzAzMDk0NXxRNFZGb1ppVkpfWkllV0N2VV9rcENyMkRQU1c0bFhnUlNsZjdWdU1pWFVjaVVLSVZZLXJRdEU4MXNqMTZUZmp4akZQejY5d2gtdFNZZk10SFVyMURkcG9LYUYwbTIzWlFNZFhsc05hUGtrT1JvcGxic2UzMDNPaTNuOWpnRkZtZFplWVExem1iNnc0Y2wzZG1NY0lESXFsRUtIcXp6ZC1OZnUyWUM4VmFBbTdYdVk5b3NZSmdRTThOcno0X095MXJtLWVPQzhNRDlsdE5PZklERGRDMXdqeVZkZmdrM0FSTXB1SVE0Zko0Sjk4cHRCbEg3N1V3aGxEdjlwTDZZVzBwXzhFOXA1V08yVndaVUEtU3dvRXF8XwSlDArXO23vikHahSg6_SjDMRn7Lq2g2Thrs-Nlrjk=;mp_consent_csrf_dev_4001632846=MTczNzAzMDk0NXxLUFI4RXo0X2Nrb3NJWE95TGNYOWlybmZsVkJ2bWpETjZqYi1KcUU1dEt3SU9GV2lJekZLUW1MUVBNbk1Qc2VUNGdFdGlaRzhwYmIzRkhKV09KcWxQUnRIWWJ4MVdQMHFJa1FSYWthNENpbndXVHNxZVgyVEg3YXRsSTFtfF15oJHnE2j08LmTrrRIT-2RP39QUXuLJm8fiTEyJjg3;"}
2025-01-16T15:35:46.433+0300    DEBUG   idp     requested scope {"scope": "openid"}
2025-01-16T15:35:46.433+0300    DEBUG   idp     requested scope {"scope": "offline"}

Relevant configuration

serve:
  cookies:
    names:
      session: mp_sess
      login_csrf: mp_login_csrf
      consent_csrf: mp_consent_csrf

Version

v2.3.0-pre.1

On which operating system are you observing this issue?

None

In which environment are you deploying?

None

Additional Context

OS: Ubuntu 24.04

Browser: 131.0.6778.264
Kratos: v1.3.1
Hydra: v2.2.3-pre.1

@tampler tampler added the bug Something is not working. label Jan 16, 2025
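
One way to check how large the forwarded Cookie header actually is, as an added example (not code from the report or from the Ory project): it rebuilds the header from the session cookie and the consent CSRF cookies, records the size of each, and fails when the total exceeds a budget. The function name `forwardCookies`, the 4096-byte budget and the sample cookie values are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// maxCookieHeader is an assumed budget for this example; the real limit is
// whatever the server or proxy in front of the consent endpoint enforces.
const maxCookieHeader = 4096

// forwardCookies rebuilds a Cookie header from raw, keeping only the session
// cookie (exact name) and cookies whose name starts with consentPrefix.
// It returns the header, the size of each kept cookie, and an error when the
// result exceeds limit bytes.
func forwardCookies(raw, session, consentPrefix string, limit int) (string, map[string]int, error) {
	sizes := map[string]int{}
	var kept []string
	for _, part := range strings.Split(raw, ";") {
		part = strings.TrimSpace(part)
		name, _, ok := strings.Cut(part, "=")
		if !ok || name == "" {
			continue
		}
		if name != session && !strings.HasPrefix(name, consentPrefix) {
			continue
		}
		if _, dup := sizes[name]; dup {
			continue // keep the first occurrence of a repeated name
		}
		sizes[name] = len(part)
		kept = append(kept, part)
	}
	header := strings.Join(kept, "; ")
	if len(header) > limit {
		return header, sizes, fmt.Errorf("cookie header is %d bytes, limit %d", len(header), limit)
	}
	return header, sizes, nil
}

func main() {
	// Constructed sample values, not the cookies from the report.
	raw := "mp_sess=" + strings.Repeat("a", 300) + "; theme=dark; " +
		"mp_consent_csrf_dev_1=" + strings.Repeat("b", 200) + "; not_consent_related=x"
	header, sizes, err := forwardCookies(raw, "mp_sess", "mp_consent_csrf", maxCookieHeader)
	fmt.Println(len(header), sizes, err)
}
```

Logging the returned sizes instead of the cookie values also keeps session tokens out of debug logs.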