In a world of SAML tokens, OIDC, and cookie-utilizing load balancers - Digital AI Release needs to be able to support a configurable maximum header size. Currently, the maximum header size is a hard-coded 8kB. This upper limit is frequently too small for teams relying on passing auth tokens and scopes around in headers (OIDC auth, SAML tokens). All modern web server frameworks support configurable header sizes (Springboot, Jetty Core, Django etc) and Release should follow suit!
by: Devon G. | 6 months ago | Administration
Comments
This is supported in version 24.1. We have added documentation to explain how to configure it.
https://docs.digital.ai/bundle/devops-release-version-v.24.1/page/release/how-to/configure-max-http-header-size.html