400 Bad Request

Hi All,

I am currently managing an Open OnDemand instance in my institution, and we keep seeing this error come up:

# Bad Request

Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit.

The error is not persistent. It comes up every once in a while. If you open OnDemand from an incognito tab or new browser it works. Also, if you try again with the problematic browser hours after, it works. I am so confused.

Any idea why this is happening? Any idea how to get around it?


Hello! It sounds like this is something that would show up in the Apache logs (Logging — Open OnDemand 3.1.0 documentation) - Is it possible for you to catch this your error logs and share that?

Hi @hrandquist,

I did not find anything useful in the logs. In fact, my account’s access.log/error.log were blank. No error/access gzip files were generated with today’s date.

Any clue what the error might look like?

Thank you!

Just got the error, and I can confirm that it is not reflected in the ondemand-nginx logs. Neither error.log, nor access.log.

So this is likely to do with OIDC headers or other auth headers. Can you tell me more about how your authentication is set up?

@hrandquist so I am using OIDC for auth. These are some of my OIDC settings (I believe most are default values):

  OIDCPassIDTokenAs: "serialized"
  OIDCPassRefreshToken: "On"
  OIDCPassClaimsAs: "environment"
  OIDCStripCookies: "mod_auth_openidc_session mod_auth_openidc_session_chunks mod_auth_openidc_session_0 mod_auth_openidc_session_1"
  OIDCResponseType: "code"

These are some other OIDC values as well:

oidc_scope: "openid profile email"
oidc_session_max_duration: 28800
oidc_state_max_number_of_cookies: "10 true"

Thank you for following up and for your help! :grin:

OK, after some research, I’ve found this has to do with the number of cookies being sent via request headers. You can use oidc_state_max_number_of_cookies to increase this limit. You can read more about the variable that’s being set here: mod_auth_openidc/auth_openidc.conf at master · OpenIDC/mod_auth_openidc · GitHub and definitely let me know if you have more questions.

Edit: Forgive me, I mispoke - you want to decrease the max number of cookies so that the header size is smaller.