Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Deprecate server.max-http-header-size in favor of new server.max-http-request-header-size property

See original GitHub issue

I am using the embedded Jetty Container and came across the problem that the server.max-http-header-size property is “only” used to set the size of the request header. Jetty differentiates between request and response header size. I know, that you can set the response header size by providing your own customizer. But the name of the property indicates that it affects all header sizes not only the request ones. So wouldn’t it make sense to use the property on both response and request header size?

As of now the JettyWebServerFactoryCustomizer only uses setRequestHeaderSize but in my opinion should also use setResponseHeaderSize

I am more than happy to provide the minimal change in a pull request if this change is seen as useful.

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:11 (8 by maintainers)

github_iconTop GitHub Comments

2reactions
markt-asfcommented, Feb 2, 2022

Yes, please raise an issue. I suspect we’ll separate them out into two new settings with the old setting being used as a default and removed for 10.1.x onwards.

1reaction
wilkinsonacommented, Jul 25, 2022

We’re going to introduce server.max-http-request-header-size. We’d like to keep server.max-http-header-size in a deprecated form but that will require us to keep its current behaviour. If both properties are set, we should throw an exception. If that proves to be too complicated, we may just remove server.max-http-header-size.

We are not going to introduce Jetty- and Tomcat-specific properties for the response header size at this time. We may do so in the future, however.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Max-HTTP-Header-Size in Spring Boot 2 - Baeldung
Learn how to set and use the max-http-header-size property in a Spring ... The HTTP header values are restricted by server implementations.
Read more >
Spring Boot 3 Upgrade Guide
max-http-header-size has been deprecated and is now replaced by server.max-http-request-header-size and this property can now only be used to ...
Read more >
Apache Tomcat 8 Configuration Reference (8.5.84)
Connections are queued inside the server socket created by the Connector ... This default may be modified if the deprecated system property ......
Read more >
How to set max-http-header-size in spring boot 2.x application
You should set on the "application.properties" file: server.max-http-header-size=48000. 48000 is an example of an excessive header, ...
Read more >
Common Application Properties - Spring
Name Description Default... spring.cassandra.config Location of the configuration file to use. spring.cassandra.controlconnection.timeout Timeout to use for control queries. 5s spring.cassandra.keyspace‑name Keyspace name to use.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Declared defaults do not get property references replace

Next page

Improve project setup for IntelliJ IDEA