[Question] How to set the accepted maximum header size?

[rafaelvascc]

Hi, on our application we get JWT access tokens from an external authentication server.
Some of our users have a lot of claims and roles, making the token really large. When we set it into the Authorization header and send the request to express we get a response saying the request header is too large.
Is there a way to increase the maximum request header size on express or even make it unlimited?
Thanks.

[dougwilson]

Hi @rafaelvascc ! The header size (and the 400) are both handled by Node.js HTTP directly, before getting to Express. There are two main methods to change this in Node.js:

1. Through the --max-http-header-size command line option (https://nodejs.org/api/cli.html#cli_max_http_header_size_size)
2. Create a HTTP server (https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) with maxHeaderSize set to the value you want and add your express app there. This would replace your existing app.listen call. More information on what this looks like here: http://expressjs.com/en/api.html#app.listen_path_callback

I hope this helps!