Webpack-dev-server: 400 Bad request due to Node limiting header size to 8kB

Created on 8 Mar 2019  路  3Comments  路  Source: webpack/webpack-dev-server
  • Operating System: Windows 10
  • Node Version: 10.15.1
  • NPM Version: 6.4.1
  • webpack Version: 4.26.1
  • webpack-dev-server Version: 3.2.1
  • [ ] This is a bug
  • [x] This is a modification request

Code

// webpack.config.js

// additional code, remove if not needed.

Expected Behavior

Actual Behavior

For Bugs; How can we reproduce the behavior?

For Features; What is the motivation and/or use-case for the feature?

We are using webpack-dev-server for a proxy but rather annoyingly it is returning 400 Bad request as the headers are larger that 8192. I understand that this is a node "feature" https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/#denial-of-service-with-large-http-headers-cve-2018-12121
But also understand they have subsequently allowed this to be overriden https://github.com/nodejs/node/issues/24692
and available as a cli option
https://github.com/nodejs/node/pull/24811/commits
Is there any chance this could be exposed as a property in the webpack-dev-server cli?

This works

node --max-http-header-size=16385 ./node_modules/webpack-dev-server/bin/webpack-dev-server.js --config ./webpack.dev.js

but it would be great to expose this property via the cli such that i can use

webpack-dev-server --config ./webpack.dev.js
... and specify the max-http-header-size in my webpack.dev.js config

server minor 4 (inconvenient) feature
Source
picture ed-sparkes
👍10

Most helpful comment

One way to fix this is to make this for example in your package.json

"scripts": {
"start": "NODE_OPTIONS='--max-http-header-size=100000' rescripts start"
}

Here rescripts boots a webpack-dev-server but this shows you can apply this option without having to explicitly tell webpack-dev-server about it, just directly apply NODE_OPTIONS. Hope that helps.

picture cmdcolin on 2 Nov 2019
👍5 🎉1

All 3 comments

PR welcome

alexander-akait picture alexander-akait on 11 Mar 2019

One way to fix this is to make this for example in your package.json

"scripts": {
"start": "NODE_OPTIONS='--max-http-header-size=100000' rescripts start"
}

Here rescripts boots a webpack-dev-server but this shows you can apply this option without having to explicitly tell webpack-dev-server about it, just directly apply NODE_OPTIONS. Hope that helps.

cmdcolin picture cmdcolin on 2 Nov 2019
👍5 🎉1

Solution above, we should improve docs - https://github.com/webpack/webpack.js.org/issues/3740

alexander-akait picture alexander-akait on 12 May 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mrdulin picture mrdulin  路  3Comments
wojtekmaj picture wojtekmaj  路  3Comments
piotrszaredko picture piotrszaredko  路  3Comments
uMaxmaxmaximus picture uMaxmaxmaximus  路  3Comments
gimmi picture gimmi  路  3Comments