From 8bfede873dd8b60b9547eec798f90f2a54362e99 Mon Sep 17 00:00:00 2001
From: David Moore
Date: Tue, 18 Feb 2025 11:05:13 +1100
Subject: [PATCH] fix(dash): increase dashboard header size limit
---
 pkg/cloud/gateway/gateway.go | 2 +-
 .../frontend/cypress/e2e/api-explorer.cy.ts | 25 +++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/pkg/cloud/gateway/gateway.go b/pkg/cloud/gateway/gateway.go
index be9ecf2b..5db46cf4 100644
--- a/pkg/cloud/gateway/gateway.go
+++ b/pkg/cloud/gateway/gateway.go
@@ -650,7 +650,7 @@ func (s *LocalGatewayService) createApiServers() error {
 ReadTimeout: time.Second * 1,
 IdleTimeout: time.Second * 1,
 CloseOnShutdown: true,
- ReadBufferSize: 8192,
+ ReadBufferSize: 64 * 1024, // Set to 64 KB to handle large headers
 Handler: s.handleApiHttpRequest(apiName),
 Logger: log.New(s.logWriter, fmt.Sprintf("%s: ", lis.Addr().String()), 0),
 }
diff --git a/pkg/dashboard/frontend/cypress/e2e/api-explorer.cy.ts b/pkg/dashboard/frontend/cypress/e2e/api-explorer.cy.ts
index e5a3786e..d859827c 100644
--- a/pkg/dashboard/frontend/cypress/e2e/api-explorer.cy.ts
+++ b/pkg/dashboard/frontend/cypress/e2e/api-explorer.cy.ts
@@ -26,6 +26,17 @@ const expectedEndpoints = [
 'my-secret-api-/set-binary-POST',
 ]
 
+function setLongCookie(name: string, value: string) {
+ const maxSize = 4000 // Approximate max cookie size (4KB)
+ const chunks = Math.ceil(value.length / maxSize) // Calculate the number of chunks needed
+
+ // Loop through and set each chunk as a separate cookie
+ for (let i = 0; i < chunks; i++) {
+ const chunkValue = value.substring(i * maxSize, (i + 1) * maxSize) // Get the current chunk of the value
+ cy.setCookie(`${name}-${i}`, chunkValue) // Set the chunk as a cookie with the index in the name
+ }
+}
+
 describe('APIs spec', () => {
 beforeEach(() => {
 cy.viewport('macbook-16')
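Review bot: `ReadBufferSize: 64 * 1024` is a bare literal whose only comment restates the number, so neither the reason for the limit nor its cost is recorded. If this struct is a fasthttp-style server config (the type name is outside the hunk), the read buffer both caps the request line plus headers and is sized per connection, so the change lets each open connection hold eight times more memory while `ReadTimeout` stays at one second. I would name the value and state what it bounds, for example `const apiReadBufferSize = 64 * 1024 // upper bound on request headers the local gateway accepts`, and write `ReadBufferSize: apiReadBufferSize,` here. It is also worth confirming that `lis` is bound to loopback only, since the larger limit applies to every client that can reach the listener. The struct literal and createApiServers both start and end outside the hunk.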
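Review bot: setLongCookie has no doc comment saying why the value is split, and the trailing comments only restate each statement. A short TSDoc block above the function would carry the intent better: a single cookie is limited to roughly 4 KB, so the helper spreads `value` over cookies named `${name}-0`, `${name}-1` and so on to build one large Cookie request header. An explicit return type also suits a module-level helper, `function setLongCookie(name: string, value: string): void {`. The doc should also state that an empty `value` yields zero chunks and sets no cookie at all.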
@@ -335,4 +346,18 @@ describe('APIs spec', () => {
 }
 })
 })
+
+ it('should handle big headers', () => {
+ setLongCookie('long-header', 'a'.repeat(10000))
+
+ cy.intercept('/api/call/**').as('apiCall')
+
+ cy.get('[data-rct-item-id="first-api-/all-methods-GET"]').click()
+
+ cy.getTestEl('send-api-btn').click()
+
+ cy.wait('@apiCall')
+
+ cy.getTestEl('response-status', 5000).should('contain.text', 'Status: 200')
+ })
 })
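Review bot: The new case sends about 10 KB of cookies, which shows the old 8192-byte limit is lifted but leaves the new 64 KB ceiling unpinned, so a later change that removes the limit altogether would still pass. A companion case with a value above 64 KB that expects a non-200 status would cover the reject side; the status the dashboard renders for that case is not visible here, and an intermediate server may reject the request first, so the expectation needs checking. The awaited interception is also discarded: `cy.wait('@apiCall').its('response.statusCode').should('eq', 200)` would assert on the intercepted call itself rather than only on the rendered text. The enclosing describe block starts outside the hunk.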