9

The application return 400 because it has 3 cookies, about 4k bytes each. I am trying to set the max-http-header-size property when running the application with angular cli. (ng serve)

The application works as expected when running in production.

Technologies:

angular CLI: 8.1.3
asp.net core 2.1.3

Tried running node --max-http-header-size=14000 but it does not work.

Improve this question
3
  • ASP.NET Core Version and startup method may be useful. The new templates (ASP.NET Core 2.2) simply pass through to nodejs, so everything you set up is same. Look in your package.json file in the scripts section, there should be a start section with the commands (and parameters) that get run when you start the application Commented Aug 16, 2019 at 14:11
  • But on a more serious note, you should fix your application. 3x4k cookies is prohibitive. These have to be uploaded at every single time you send a request, causing not only unnecessary bandwidth and lowering the response rate of your application, so the users feel its "slowiness". Are these JWT tokens packed with dozens of claims? If you you are doing it wrong, JWT claims should be small enough. Consider using Reference (aka opaque) tokens, which is just an ID and obtain the claims server sided. Also, authentication != authorization, permissions dont belong to identity/access tokens Commented Aug 16, 2019 at 14:18
  • Yes, I know about the commands in the package.json, but not sure how I would set the header size limit in there. The cookie contains a jwt, generated by an external API. If I don't store them in the encrypted cookie I would need to validate it on each call, which would add some extra complexity. Commented Aug 16, 2019 at 20:22

2 Answers 2

Reset to default
8

The solution would be to set the value of the max header size before calling the ng serve function: node --max-http-header-size=100000 ./node_modules/@angular/cli/bin/ng serve

If you are using ASP.NET Core, this can be added in package.json:

"scripts": {
    "ng": "ng",
    "start": "node --max-http-header-size=100000 ./node_modules/@angular/cli/bin/ng serve",
    "build": "ng build"
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

The new templates (ASP.NET Core 2.2) simply pass through to nodejs, so everything you set up is same as w/o ASP.NET Core.

You'll know if you use the new or old templates by looking in your Startup.cs. If there is an app.UseSpa(spa => { ... }); line you're using the new packages and SPA approach, where ASP.NET Core simply pipes everything to the nodejs server that starts with the application.

Look in your package.json file in the scripts section, there should be a start section with the commands (and parameters) that get run when you start the application, something like

"scripts": {
  "ng": "ng",
  "start": "ng serve --extract-css",
  "build": "ng build --extract-css",
  "build:ssr": "npm run build -- --app=ssr --output-hashing=media",
  "test": "ng test",
  "lint": "ng lint",
  "e2e": "ng e2e"
},
Improve this answer

1 Comment

Still, how is the header size limit set?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.