On Fri, 2023-05-19 at 16:55 +0200, Henrik Holst wrote:
> Yeah it is ofc a complex situation, the web servers themselves does
> not help much either since basically none of them responds with a
> proper 413 and instead send a generic 400.
> 
> When it comes to your #1 to #3 I think that all we can do there is
> make sure that the documentation for the setting is very clear on
> that this must match the setting at the server side. However since
> this is configurable on the server side there can very well be
> servers out there with a size < 8kb which means that curl could
> currently fail in the exact same way with no indication on why. AFAIK
> e.g nginx uses the page size by default so on many systems it
> currently have a default size of 4k.

This is indeed a mess, so our arbitrary limit of 8k today is just
that... arbitrary.

I would like to find a solution that our customers can use in the
specific case of Kerberos auth with ADSF at least. I think it's ok we
we require user to specific an extra argument on curl's command line to
bump the limit.

What approach should we take ? I'm happy to give a try at writing &
submitting the patch myself.

Cheers,
Ben.


> /HH
> 
> Den fre 19 maj 2023 kl 16:30 skrev Daniel Stenberg <dan...@haxx.se>:
> > On Fri, 19 May 2023, Henrik Holst wrote:
> > 
> > > I did some more digging around on what the various http servers uses and 
> > > while it is 8k on most servers (apache, nginx) it is 16k on IIS but it is 
> > > also configurable on all http servers. So it can be set to be higher on 
> > > apache, nginx, IIS and most other http servers out there. So having it be 
> > > configurable in libcurl as well does IMHO not sound that outlandish.
> > 
> > No, it is perfectly logical. It's just that this is one of those tough ones.
> > 
> > 1. basically no user will understand when to change such an option
> > 
> > 2. setting it to a "too high" value and using that size, risks making your
> >     curl transfers to fail with rather inexplainable failure modes
> > 
> > 3. A user might change the value and find it works fine *for years* (perhaps
> >     because they never reach the limit) and then they try another server or
> >     even worse: the primary server updates and then suddenly without 
> > anything
> >     in curl or the application having changed, the transfers fail.
> > 
> > But yes: by *not* offering such an option we also have users that cannot 
> > make 
> > their application perform correctly because libcurl blocks it from doing 
> > what 
> > it needs to do simply because there are *other* servers out there that will 
> > not appreciate a request like that.
> > 
> > Maybe a small thing to help would be to make curl use a verbose output when 
> > it 
> > sends a cookie header that is longer than the current limit? That at least 
> > could be a clue for users who get a 400 back without understanding why...
> > 

-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html

Reply via email to