[jira] [Commented] (NIFI-12762) ListenHTTP request headers limited to 8192 bytes

Tue, 27 Aug 2024 13:41:20 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-12762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17877174#comment-17877174
 ] 

Michael W Moser commented on NIFI-12762:
----------------------------------------

It looks like your unit test verifies the current behavior of ListenHTTP.  You 
will want to modify it such that a large header results in a success status 
code.

It's certainly not easy to find how to change the max header size in Jetty.  
But you can do it by modifying an HttpConfiguration object.

In the ListenHTTP createServerConnector() method, you could do something like 
this:

 
{code:java}
    final StandardServerConnectorFactory serverConnectorFactory = new 
StandardServerConnectorFactory(server, port) {
        @Override
        protected HttpConfiguration getHttpConfiguration() {
            final HttpConfiguration httpConfiguration = 
super.getHttpConfiguration();
            httpConfiguration.setRequestHeaderSize(requestMaxHeaderSize);
            return httpConfiguration;
        }
    }; {code}
 

 

> ListenHTTP request headers limited to 8192 bytes
> ------------------------------------------------
>
>                 Key: NIFI-12762
>                 URL: https://issues.apache.org/jira/browse/NIFI-12762
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.25.0, 2.0.0-M2
>            Reporter: Michael W Moser
>            Assignee: Sash Sujith
>            Priority: Minor
>         Attachments: Screenshot from 2024-07-12 19-52-19-1.png
>
>
> ListenHTTP will parse HTTP request headers if the property "HTTP Headers to 
> receive as Attributes" is set.  An HTTP client can sent request headers that 
> are larger than the default allowed 8192 bytes, and we get the log message
> {noformat}
> 2024-02-08 20:22:16,548 WARN [ListenHTTP 
> (8a290f74-018d-1000-a9d2-c06fdb10e3f3) Web Server-188] 
> org.eclipse.jetty.http.HttpParser Header is too large 8193>8192{noformat}
> and ListenHTTP responds with  HTTP ERROR 431 Request Header Fields Too Large
> The NiFi UI and REST API sets the max header size to 16384 and it is 
> configurable in nifi.properties "nifi.web.max.header.size", in the file 
> FrameworkServerConnectorFactory.java.
> We should probably allow ListenHTTP to use the same max header size setting.
> Should we also look into this for HandleHttpRequest?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to