sdkconfig - CONFIG_HTTPD_MAX_REQ_HDR_LEN=512 byte default value too small
Posted: Thu Dec 02, 2021 4:12 pm
The default in build for this configuration parameter: CONFIG_HTTPD_MAX_REQ_HDR_LEN is 512 bytes.
This is causing "Header fields are too long for server to interpret" errors on a single field form post.
It needs to be set at least 768 bytes, but 1024 would be better.
This is a burden for customers using Arduino because the binary isn't easy to recompile.
For example, using Wireshark, this is the "post" header for Google Chrome on MacOS on the latest Catalina:
(it's 554 bytes plus CR/LFs not shown)
Host: 192.168.4.1
Connection: keep-alive
Content-Length: 95
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.4.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.4.1/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,pl;q=0.8
For a Chrome "get" header is at least 478 bytes ....
Host: 192.168.4.1\r\n
Connection: keep-alive\r\n
Upgrade-Insecure-Requests: 1\r\n
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\n
Referer: http://192.168.4.1/\r\n
Accept-Encoding: gzip, deflate\r\n
Accept-Language: en-US,en;q=0.9,pl;q=0.8\r\n
\r\n
This is causing "Header fields are too long for server to interpret" errors on a single field form post.
It needs to be set at least 768 bytes, but 1024 would be better.
This is a burden for customers using Arduino because the binary isn't easy to recompile.
For example, using Wireshark, this is the "post" header for Google Chrome on MacOS on the latest Catalina:
(it's 554 bytes plus CR/LFs not shown)
Host: 192.168.4.1
Connection: keep-alive
Content-Length: 95
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.4.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.4.1/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,pl;q=0.8
For a Chrome "get" header is at least 478 bytes ....
Host: 192.168.4.1\r\n
Connection: keep-alive\r\n
Upgrade-Insecure-Requests: 1\r\n
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\n
Referer: http://192.168.4.1/\r\n
Accept-Encoding: gzip, deflate\r\n
Accept-Language: en-US,en;q=0.9,pl;q=0.8\r\n
\r\n