AWS API Gateway – HTTP header is larger than 10240 bytes.

The issue

I am running a serverless .net core website hosted as a serverless lambda function exposed via API Gateway.

Over the past year I have randomly hit this issue where, during a session a user will get the error;

HTTP header is larger than 10240 bytes.

The problem

We are hitting an AWS API Gateway limit. API Gateway has an unadjustable limit.

10240 bytes on the total combined size of all header values.

The problem is that the .net core website, stores a number of cookies like;

  • .AspNetCore.CookiesC1
  • .AspNetCore.CookiesC2
  • .AspNetCore.Antiforgery.AsW4q1BB7-Y

I was also adding my own custom cookies to support storage of some minor session state, which in a serverless solution you cannot store in any kind of local cache or in memory (would need to use a distributed cache).

All in all depending on what asp.net core was doing the size of the headers was going above the 10240 limit.

A solution of sorts

The only way around this is to try and reduce the size of the payload in the header. These are some of the solutions I used;

  1. Jwt token claims – I remove all unused claims off the token so that we only store those that we actually need.
  2. Cookies
    1. reduced the length of the key names.
    2. limit the size of the data being stored
  3. Enable compression
services.AddResponseCompression();

app.UseResponseCompression(); 

This gets me to around 9,000 bytes, with a little bit of head room.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.