GoSec_Cloud/gsc-shell-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: bump Fiber ReadBufferSize to 16 KB

Browse Source 
fasthttp defaults to a 4 KB read buffer per connection. Any request
whose header line exceeds that returns a flat HTTP 431 from Fiber
before the request reaches a handler — affecting clients carrying
chunked NextAuth cookies, mTLS client-cert headers, or large bearer
tokens.

16 KB matches the cluster ingress-nginx large_client_header_buffers
allowance. Tested 4–8 KB header payloads through shell-api.gosec.internal
— all return normal app responses instead of 431.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Claude
2026-05-15 16:16:02 +02:00
parent bb110e26af
commit 0977de3e17
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cmd/server/main.go
View File

@@ -44,6 +44,12 @@ func main() {
DisableStartupMessage: true, DisableStartupMessage: true,
ReadTimeout: 10 * time.Second, ReadTimeout: 10 * time.Second,
WriteTimeout: 10 * time.Second, WriteTimeout: 10 * time.Second,
// fasthttp defaults to a 4 KB read buffer per connection;
// any request whose header line exceeds that returns a flat
// HTTP 431 before any handler runs. 16 KB matches the
// cluster's nginx-ingress large_client_header buffer and
// accommodates chunked NextAuth cookies + large bearer tokens.
ReadBufferSize: 16384,
}) })
app.Use(recover.New()) app.Use(recover.New())
app.Use(logger.New(logger.Config{ app.Use(logger.New(logger.Config{