From 0977de3e17de939279a3c433a195b66b1dc27fc4 Mon Sep 17 00:00:00 2001
From: Claude
Date: Fri, 15 May 2026 16:16:02 +0200
Subject: [PATCH] fix: bump Fiber ReadBufferSize to 16 KB
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
fasthttp defaults to a 4 KB read buffer per connection. Any request whose header line exceeds that returns a flat HTTP 431 from Fiber before the request reaches a handler — affecting clients carrying chunked NextAuth cookies, mTLS client-cert headers, or large bearer tokens. 16 KB matches the cluster ingress-nginx large_client_header_buffers allowance. Tested 4–8 KB header payloads through shell-api.gosec.internal — all return normal app responses instead of 431.
Co-Authored-By: Claude Opus 4.7 (1M context)
---
 cmd/server/main.go | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/cmd/server/main.go b/cmd/server/main.go
index 87334e8..3ddca3f 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -44,6 +44,12 @@ func main() {
 DisableStartupMessage: true,
 ReadTimeout: 10 * time.Second,
 WriteTimeout: 10 * time.Second,
+ // fasthttp defaults to a 4 KB read buffer per connection;
+ // any request whose header line exceeds that returns a flat
+ // HTTP 431 before any handler runs. 16 KB matches the
+ // cluster's nginx-ingress large_client_header buffer and
+ // accommodates chunked NextAuth cookies + large bearer tokens.
+ ReadBufferSize: 16384,
 })
 app.Use(recover.New())
 app.Use(logger.New(logger.Config{
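Review bot: The comment above the new `ReadBufferSize` field says the limit applies to a single "header line", but as far as I know fasthttp's read buffer bounds the request line plus all headers together, whereas nginx's `large_client_header_buffers` is a count of buffers each sized for one line. A request can therefore pass the ingress and still receive a 431 here once its combined headers exceed 16 KB, so the two limits do not strictly "match". I would reword the comment and spell the size out, e.g. `ReadBufferSize: 16 * 1024, // bounds request line + all headers combined`. Because the buffer is per connection, slow or idle connections inside the 10-second `ReadTimeout` can now each hold up to four times more memory, so it is worth confirming that a connection cap at the ingress or Fiber's `Concurrency` setting keeps that bounded. main() begins and ends outside this hunk, so the remaining Config fields are not visible here.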