What is the maximum size of the URI of a request and how to increase it ?
I have a CSP page that throw a "414 error - Request-URI Too Long" when I put lot of text (eg : 10000 characters) into a field of a submitted form. The form is submitted using POST method.
Based on some experiments I made, it seems the max size of a URL is around 8200 characters.
What is the official limit, and is there a way to increase it ? I searched in the documentation but couldn't find anything.
That's telling you the URL you're requesting is too long, not the request body. If it was the request body that was too big, that'd be a 413, not a 414. If you're getting that when your form contains a very long entry, you're probably somehow converting the request to a get, not a post, request. Can we see the code for your form as well as how it's being submitted?
Here is some code example
<form name="WWW" id="WWW" action="/csp/foo.cls" method="POST"> <textarea id="PARAM1" name="PARAM1"></textarea> </form>document.WWW.submit();Which will result in the following request :
POST https://something/csp/foo.cls?PARAM1=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.1 Accept: */* Content-Type: text/html;charset=UTF-8 Referer: https://something/ Content-Length: 0 Connection: Keep-Alive Cache-Control: no-cacheAs you can see, input value is added to the url, just like a GET.
The maximum URI size in Apache is usually 8,177 characters, but increasing that isn't the problem. Somewhere in your program, the value of your input is getting appended onto the URI, and it shouldn't be. Can you see anywhere that your program might be doing that?
You are right. There is actually two ways the program send requests : either by submitting form (which result in fields being added to the body of the request as expected). And another way for server side validation, using a XMLHttpRequest. It append everything to the URI. I might fix that part.
Under Apache, the limit is a configurable value, LimitRequestLine. Change this value to something larger than its default of 8190 if you want to support a longer request URI. Extremely long URLs are usually a mistake. If you keep URLs under 2000 characters , they'll work in virtually any combination of client and server software. URI actually have a character limit depending on several things. Chrome limits url length of 2MB for practical reasons and to avoid causing denial-of-service problems in inter-process communication. On most platforms, Chrome's omnibox limits URL display to 32kB ( kMaxURLDisplayChars ) although a 1kB limit is used on VR platforms. IE - 2083 characters, Firefox - 2047 characters, Safari 80000 characters and Opera 190,000 characters.
To resolve the problem :
By POST request: Convert query string to json object and sent to API request with POST
By GET request: Max length of request is depend on sever side as well as client side. Most webserver have limit 8k which is configurable. On the client side the different browser has different limit. The browser IE and Safari limit to 2k, Opera 4k and Firefox 8k. means the max length for the GET request is 8k and min request length is 2k.
If exceed the request max length then the request truncated outside the limit by web server or browser without any warning. Some server truncated request data but the some server reject it because of data lose and they will return with response code 414.