net::ERR_CONNECTION_CLOSED when Bearer token over 5260 characters.

[dzordzo]

Hi Team,

I'm using version 3.25.
I get a strange issue for one of the users (unfortunately tester).
When the user tries to execute API gets the result:

CODE: undocumented; Details: TypeError: Failed to fetch
On console, we get: net::ERR_CONNECTION_CLOSED

We are using Bearer Token authorization.
The only difference between working user cases and fail is the token.
A user on with it fails have many roles stored in the token and the length of the header token is over 5260 chars.

Way to reproduce:

1. Create API with Header Bearer Token authorization.
2. Call API by setting token over 5260 chars length.

There is no issue when the user calls endpoint through curl command or postman.

Example API:

{
  "openapi": "3.0.1",
  "info": {
    "title": "Warehouse API",
    "version": "v1"
  },
  "paths": {
    "/api/test": {
      "get": {
        "tags": [
          "test"
        ],
        "parameters": [ ],
		"responses": {
			"200": {
				"description": "Success"
			}
		}
      },  
	},
  },
  "components": {
	"schemas": {},
    "securitySchemes": {
      "TST-Bearer": {
        "type": "apiKey",
        "description": "JWT Authorization header using the Bearer scheme. Example: \"TST-Authorization: Bearer {token}\"",
        "name": "TST-Authorization",
        "in": "header"
      }
    }
  },
  "security": [
    {
      "TST-Bearer": [
        "readAccess",
        "writeAccess"
      ]
    }
  ]
}

[chunyeow]

Anyone can comment whether this issue going to be resolved?

[mathis-m]

I have tried to reproduce this issue but with no success. I have used this Swagger Editor Test File and a token which is 6476 characters long and it still works.
@dzordzo Could you provide the full failing request to us.

[chunyeow]

After a few round of digging and understanding the issue, this is not relevant to swagger UI instead due to the proxy in front of API server. In our case, we are deploying the ingress controller at Kubernetes cluster that have restriction of http2-max-header-size that causing the "long" request header to be rejected.

[GaetanoPiazzolla]

After a few round of digging and understanding the issue, this is not relevant to swagger UI instead due to the proxy in front of API server. In our case, we are deploying the ingress controller at Kubernetes cluster that have restriction of http2-max-header-size that causing the "long" request header to be rejected.

Hi, how did you fixed this issue?

[chunyeow]

If you have NGINX as proxy before reaching your endpoint, be sure that the long header is not throttled out by configuring "http2-max-header-size".

[GaetanoPiazzolla]

@chunyeow thank you for the response.

In our case we have fixed it configuring the config map of the Nginx controller specifying the subsequent configurations :

• http2-max-header-size
• http2-max-field-size
• large-client-header-buffers

Do you have any clues about WHY with postman/curl this problem does not occur?

[chunyeow]

What's your error log in NGINX? Try to check whether the API call reached your NGINX proxy or your endpoint.

…

On Fri, Sep 17, 2021 at 4:31 PM Gaetano Piazzolla ***@***.***> wrote: @chunyeow <https://github.com/chunyeow> thank you for the response. In our case we have fixed it configuring the config map of the nginx controller specifying the subsequent configurations : - http2-max-header-size - http2-max-field-size - large-client-header-buffers Do you have any clues about WHY with postman / curl this problem does not occurs? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#5931 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAIF5QQZQV3TQPXYM2AZARTUCL4E3ANCNFSM4LSP6XIQ> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.

[GaetanoPiazzolla]

Nginx does not write anything. It seems that it's blocked by the browser.
Very strange behavior.
Anyway with the configuration specified above everything works correctly.