{"id":1744,"date":"2021-03-09T00:31:42","date_gmt":"2021-03-08T13:31:42","guid":{"rendered":"https:\/\/ntsblog.homedev.com.au\/?p=1744"},"modified":"2021-09-19T18:56:45","modified_gmt":"2021-09-19T08:56:45","slug":"aws-api-gateway-http-header-is-larger-than-10240-bytes","status":"publish","type":"post","link":"https:\/\/ntsblog.homedev.com.au\/index.php\/2021\/03\/09\/aws-api-gateway-http-header-is-larger-than-10240-bytes\/","title":{"rendered":"AWS API Gateway &#8211; HTTP header is larger than 10240 bytes."},"content":{"rendered":"<h2 class=\"wp-block-heading\">The issue<\/h2>\n\n\n\n<p>I am running a serverless .NET Core website hosted as a serverless Lambda function exposed via API Gateway.<\/p>\n\n\n\n<p>Over the past year I have randomly hit this issue where, during a session, a user will get the error:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>HTTP header is larger than 10240 bytes.<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">The problem<\/h2>\n\n\n\n<p>We are hitting an AWS API Gateway limit. 
API Gateway has a limit that cannot be adjusted:<\/p>\n\n\n\n<p>10240 bytes on the total combined size of all header values.<\/p>\n\n\n\n<p>The problem is that the .NET Core website stores a number of cookies, like:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>.AspNetCore.CookiesC1<\/li><li>.AspNetCore.CookiesC2<\/li><li>.AspNetCore.Antiforgery.AsW4q1BB7-Y<\/li><\/ul>\n\n\n\n<p>I was also adding my own custom cookies to support storage of some minor session state, which in a serverless solution you cannot store in any kind of local cache or in memory (you would need to use a distributed cache).<\/p>\n\n\n\n<p>All in all, depending on what ASP.NET Core was doing, the size of the headers was going above the 10240 limit.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">A solution of sorts<\/h2>\n\n\n\n<p>The only way around this is to try to reduce the size of the payload in the header. These are some of the solutions I used:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>JWT token claims &#8211; I removed all unused claims from the token so that we only store those that we actually need.<\/li><li>Cookies <ol><li>Reduced the length of the key names.<\/li><li>Limited the size of the data being stored.<\/li><\/ol><\/li><li>Enable compression<\/li><\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/ ConfigureServices: register the response compression services\nservices.AddResponseCompression();\n\n\/\/ Configure: add the compression middleware to the request pipeline\napp.UseResponseCompression();<\/code><\/pre>\n\n\n\n<p>This gets me to around 9,000 bytes, with a little bit of headroom.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The actual solution<\/h2>\n\n\n\n<p>The real solution, it turns out, is to bypass the API Gateway.<\/p>\n\n\n\n<p>Open the Lambda entry point and you will see that there is generally a block of commented-out code for the various classes that the startup class can inherit from.<\/p>\n\n\n\n<p>You will need to do the following:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Set up a load balancer<\/li><li>Set up a trigger on the Lambda to be triggered from the load balancer<\/li><li>Update the LambdaEntryPoint class and 
choose to inherit from<ol><li>Amazon.Lambda.AspNetCoreServer.ApplicationLoadBalancerFunction<\/li><\/ol><\/li><li>Build and deploy your Lambda<\/li><li>Reconnect your domain name to point to the ALB, not the API Gateway CloudFront stack<\/li><\/ol>\n\n\n\n<p>This will bypass the API Gateway and your problem is solved.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The issue I am running a serverless .NET Core website hosted as a serverless Lambda function exposed via API Gateway. Over the past year I [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[32,33],"tags":[],"class_list":["post-1744","post","type-post","status-publish","format-standard","hentry","category-aws","category-lambda"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ntsblog.homedev.com.au\/index.php\/wp-json\/wp\/v2\/posts\/1744","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ntsblog.homedev.com.au\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ntsblog.homedev.com.au\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ntsblog.homedev.com.au\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ntsblog.homedev.com.au\/index.php\/wp-json\/wp\/v2\/comments?post=1744"}],"version-history":[{"count":0,"href":"https:\/\/ntsblog.homedev.com.au\/index.php\/wp-json\/wp\/v2\/posts\/1744\/revisions"}],"wp:attachment":[{"href":"https:\/\/ntsblog.homedev.com.au\/index.php\/wp-json\/wp\/v2\/media?parent=1744"}],"wp:term":[{"taxonomy":"category","embedda
ble":true,"href":"https:\/\/ntsblog.homedev.com.au\/index.php\/wp-json\/wp\/v2\/categories?post=1744"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ntsblog.homedev.com.au\/index.php\/wp-json\/wp\/v2\/tags?post=1744"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}