id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
1508	When browser access nginx http/2 server with large cookies, nginx don't return HTTP4xx but return http/2 ENHANCE YOUR CALM error.	kazuki_yasufuku.dwango.co.jp@…		"If Browser eat large cookies, nginx enabled http/2 will not return any HTTP response, but disconnect http/2 session.
This behavior has the following problems

1. Browser cannot display any error page, but display connection error.
2. No way to delete Browser cookie from server side.
3. User have no way to know that it's caused by large cookies

To solve this problem, nginx should return customizable 431 HTTP response for these situations to delete large cookies.


When set large cookies and setting error_log to debug, Nginx was logging the request as follows:
{{{
2018/03/07 16:29:17 [debug] 118037#0: *105 http2 http header: ""accept-language: ja,en-US;q=0.9,en;q=0.8""
2018/03/07 16:29:17 [debug] 118037#0: *105 http2 get indexed header: 32
2018/03/07 16:29:17 [debug] 118037#0: *105 http2 hpack encoded string length: 323
2018/03/07 16:29:17 [debug] 118037#0: *105 http2 add header to hpack table: ""cookie: cookieBomb830=aaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa""
2018/03/07 16:29:17 [debug] 118037#0: *105 http2 hpack table account: 552 free:3585
2018/03/07 16:29:17 [debug] 118037#0: *105 http2 get indexed header: 32
2018/03/07 16:29:17 [debug] 118037#0: *105 http2 hpack encoded string length: 323
2018/03/07 16:29:17 [debug] 118037#0: *105 posix_memalign: 00007FAA46ECDCB0:1024 @16
2018/03/07 16:29:17 [debug] 118037#0: *105 http2 add header to hpack table: ""cookie: cookieBomb831=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa""
2018/03/07 16:29:17 [debug] 118037#0: *105 http2 hpack table account: 552 free:3033

(Abbreviation)

2018/03/07 16:29:17 [debug] 118037#0: *105 http2 add header to hpack table: ""cookie: cookieBomb859=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa""
2018/03/07 16:29:17 [debug] 118037#0: *105 http2 hpack table account: 552 free:232
2018/03/07 16:29:17 [debug] 118037#0: *105 http2 get indexed header: 32
2018/03/07 16:29:17 [debug] 118037#0: *105 http2 hpack encoded string length: 323
2018/03/07 16:29:17 [debug] 118037#0: *105 posix_memalign: 00007FAA46F6B510:1024 @16
2018/03/07 16:29:17 [info] 118037#0: *105 client exceeded http2_max_header_size limit while processing HTTP/2 connection, client: 101.110.31.250, server: 0.0.0.0:443
2018/03/07 16:29:17 [debug] 118037#0: *105 http2 state connection error
2018/03/07 16:29:17 [debug] 118037#0: *105 http2 send GOAWAY frame, status:11
2018/03/07 16:29:17 [debug] 118037#0: *105 http2 frame out: 00007FAA46F49470 sid:0 bl:0 len:8
2018/03/07 16:29:17 [debug] 118037#0: *105 malloc: 00007FAA46F6B920:4096
2018/03/07 16:29:17 [debug] 118037#0: *105 SSL buf copy: 17
2018/03/07 16:29:17 [debug] 118037#0: *105 SSL to write: 17
2018/03/07 16:29:17 [debug] 118037#0: *105 SSL_write: 17
2018/03/07 16:29:17 [debug] 118037#0: *105 http2 frame sent: 00007FAA46F49470 sid:0 bl:0 len:8
2018/03/07 16:29:17 [debug] 118037#0: *105 http2 close stream 1, queued 0, processing 1
2018/03/07 16:29:17 [debug] 118037#0: *105 http close request
2018/03/07 16:29:17 [debug] 118037#0: *105 http log handler
2018/03/07 16:29:17 [debug] 118037#0: *105 free: 00007FAA46ED59E0, unused: 0
2018/03/07 16:29:17 [debug] 118037#0: *105 free: 00007FAA46F3A210, unused: 1163
2018/03/07 16:29:17 [debug] 118037#0: *105 close http connection: 19
2018/03/07 16:29:17 [debug] 118037#0: *105 SSL_shutdown: 1
}}}
"	defect	closed	major		nginx-core	1.11.x	duplicate	http/2 Cookie		"Linux nicogame-res01-dev 4.12.1-1.el7.elrepo.x86_64 #1 SMP Thu Jul 13 07:25:32 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
"	"nginx version: nginx/1.11.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
built with LibreSSL 2.4.5
TLS SNI support enabled
configure arguments: --prefix=/opt/nginx-1.11.1 --user=nginx --group=nginx --pid-path=/run/nginx-1.11.1.pid --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-debug --with-openssl=/root/libressl-2.4.5 --with-ld-opt=-Wl,-rpath,/opt/luajit-2.0.4/lib --add-module=/root/ngx_devel_kit-0.3.0 --add-module=/root/lua-nginx-module-0.10.7 --add-module=/root/headers-more-nginx-module-0.32 --add-dynamic-module=/root/ngx-signed-cookie-module-0.1
"