Fix Error 400 Header Line Too Long
Fix Error 400 Header Line Too Long when using Identity v3 PKI Tokens Uses swift.conf max_header_size option to set wsgi.MAX_HEADER_LINE, allowing the operator to customize this parameter. The default value has been let to 8192 to avoid unexpected configuration change on deployed platforms. The max_header_size option has to be increased (for example to 16384), to accomodate for large Identity v3 PKI tokens, including more than 7 catalog entries. The default max header line size of 8192 is exceeded in the following scenario: - Auth tokens generated by Keystone v3 API include the catalog. - Keystone's catalog contains more than 7 services. Similar fixes have been merged in other projects. Change-Id: Ia838b18331f57dfd02b9f71d4523d4059f38e600 Closes-Bug: 1190149
This commit is contained in:
@@ -304,7 +304,27 @@ The main rule to remember when working with Swift configuration files is:
|
||||
using the ``set`` syntax or you'll probably mess up your non-paste.deploy
|
||||
configuration files.
|
||||
|
||||
--------------------
|
||||
Common configuration
|
||||
--------------------
|
||||
|
||||
An example of common configuration file can be found at etc/swift.conf-sample
|
||||
|
||||
The following configuration options are available:
|
||||
|
||||
=================== ========== =============================================
|
||||
Option Default Description
|
||||
------------------- ---------- ---------------------------------------------
|
||||
max_header_size 8192 max_header_size is the max number of bytes in
|
||||
the utf8 encoding of each header. Using 8192
|
||||
as default because eventlet use 8192 as max
|
||||
size of header line. This value may need to
|
||||
be increased when using identity v3 API
|
||||
tokens including more than 7 catalog entries.
|
||||
See also include_service_catalog in
|
||||
proxy-server.conf-sample (documented in
|
||||
overview_auth.rst)
|
||||
=================== ========== =============================================
|
||||
|
||||
---------------------------
|
||||
Object Server Configuration
|
||||
|
@@ -47,11 +47,12 @@ swift_hash_path_prefix = changeme
|
||||
|
||||
#max_meta_overall_size = 4096
|
||||
|
||||
|
||||
# max_header_size is the max number of bytes in the utf8 encoding of each
|
||||
# header. Using 8192 as default becasue eventlet use 8192 as max size of
|
||||
# header line and the longest header passed from Keystone(PKI token) uses
|
||||
# 8192 as default too.
|
||||
# header. Using 8192 as default because eventlet use 8192 as max size of
|
||||
# header line. This value may need to be increased when using identity
|
||||
# v3 API tokens including more than 7 catalog entries.
|
||||
# See also include_service_catalog in proxy-server.conf-sample
|
||||
# (documented in overview_auth.rst)
|
||||
|
||||
#max_header_size = 8192
|
||||
|
||||
|
@@ -31,13 +31,16 @@ from paste.deploy import loadwsgi
|
||||
from eventlet.green import socket, ssl
|
||||
from urllib import unquote
|
||||
|
||||
from swift.common import utils
|
||||
from swift.common import utils, constraints
|
||||
from swift.common.swob import Request
|
||||
from swift.common.utils import capture_stdio, disable_fallocate, \
|
||||
drop_privileges, get_logger, NullLogger, config_true_value, \
|
||||
validate_configuration, get_hub, config_auto_int_value, \
|
||||
CloseableChain
|
||||
|
||||
# Set maximum line size of message headers to be accepted.
|
||||
wsgi.MAX_HEADER_LINE = constraints.MAX_HEADER_SIZE
|
||||
|
||||
try:
|
||||
import multiprocessing
|
||||
CPU_COUNT = multiprocessing.cpu_count() or 1
|
||||
|
Reference in New Issue
Block a user