Request Header Fields Too Large
erikskrt
PROOP

10 months ago

Hey Everyone! Set up a next.js rewrite from my NextJS application
myapp.io/api/ -> the railway URL

Unfortunately the cookie size is very large due to JWTs and we're getting Request Header Fields Too Large. The backend doesn't even need to use this cookie, and there's no way to omit it from NextJS's end without creating and paying for custom middleware.

Is there any way to set up Railway to ignore the Cookie header instead of returning the Request Header Fields Too Large error?

16 Replies

erikskrt
PROOP

10 months ago

dfca2de8-200c-4fbb-b74c-74a8a8ee1296


10 months ago

can you provide a screenshot of this error?


erikskrt
PROOP

10 months ago

yes


erikskrt
PROOP

10 months ago


erikskrt
PROOP

10 months ago

can reproduce with the URL i sent above as well if it helps


erikskrt
PROOP

10 months ago

i think you can only reproduce if logged into joylink.io actually since that's what sets the cookie


10 months ago

iirc the header limit is 8KB, i can't see us increasing that anymore unfortunately


erikskrt
PROOP

10 months ago

any way to make it just reject headers over the limit


10 months ago

we do not provide that kind of functionality


10 months ago

Hi, the solution to this is (unfortunately) better token design. You should only be storing core information in the JWT token anyways, such as a unique identifier for the user and the barebones information that is required to make the site work. For example, if you're storing the entire user object in the JWT and only accessing the SUB (uid) for authentication (assuming your payload is signed), you should really only be storing the SUB on that token.
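An added example, not part of the thread or of anyone's production code: it signs an HS256 JWT carrying a whole user object and one carrying only `sub`, then compares each resulting `Cookie` header with the 8KB figure quoted above. The user record, cookie name `session`, and signing key are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const HEADER_LIMIT_BYTES = 8 * 1024;  // the 8KB header limit quoted in the thread
const KEY = 'constructed-demo-key';   // constructed value, not a real secret

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Sign an HS256 JWT with Node's built-in HMAC.
function signJwt(claims, key = KEY) {
  const signingInput = `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url(claims)}`;
  const sig = crypto.createHmac('sha256', key).update(signingInput).digest('base64url');
  return `${signingInput}.${sig}`;
}

// Check the signature in constant time, then return the claims.
function verifyJwt(token, key = KEY) {
  const [h, p, sig] = token.split('.');
  const expected = crypto.createHmac('sha256', key).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig || '', 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  return JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
}

// Byte length of the Cookie request header line this token would produce.
function cookieHeaderBytes(name, token) {
  return Buffer.byteLength(`Cookie: ${name}=${token}`, 'utf8');
}

// Constructed user record standing in for "the entire user object".
const user = {
  id: 'user_12345',
  email: 'demo@example.com',
  profile: { bio: 'x'.repeat(4000) },
  permissions: Array.from({ length: 200 }, (_, i) => `project:${i}:read`),
};

const fatToken = signJwt({ sub: user.id, user });  // whole object in the payload
const slimToken = signJwt({ sub: user.id });       // identifier only

function report() {
  return {
    fatBytes: cookieHeaderBytes('session', fatToken),
    slimBytes: cookieHeaderBytes('session', slimToken),
  };
}

console.log(report(), 'limit:', HEADER_LIMIT_BYTES);
```

The slim token still authenticates the user because the signature covers `sub`; everything else is looked up server-side by that identifier.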


10 months ago

Unfortunately the cookie size is very large due to JWTs and we're getting Request Header Fields Too Large. The backend doesn't even need to use this cookie, and there's no way to omit it from NextJS's end without creating and paying for custom middleware.


10 months ago

I can't read


10 months ago

Can you tell me which cookie it is?


10 months ago

Oh well, I can't even sign into it because "API Key required" or something


10 months ago

oh well


10 months ago

Pretty cool product tho btw

