-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kibana server fails to handle long query string parameters #53464
Comments
Pinging @elastic/kibana-platform (Team:Platform) |
The actual error:
obtained by adding debug logging from kibana/src/core/server/http/http_tools.ts Lines 109 to 113 in 1c415e0
No associated stack trace, unfortunately. From https://stackoverflow.com/questions/35328725/hpe-header-overflow-exception-when-make-http-request this is directly related to node parser. Starting with This is related to operations, not platform. Not sure we should do anything though. Very long urls are a bad practice, can be problematic for some proxies/middlewares (such as IIS), and that's basically what payloads are for. |
Pinging @elastic/kibana-operations (Team:Operations) |
@pgayvallet Shouldn't we log clientError at least? Otherwise, an exception is swallowed and users have no idea how to solve their problem. |
We should probably do so. I couldn't find where (in the legacy I guess?) the trapped error log |
Thanks for investigation! Since it's a natural limit of NodeJS we'll see how we can handle our specific SAML issue without hitting this limit instead in #53478. Looks like this issue isn't really actionable apart from adding a better logging. |
We can bump the limit if needed - we have done once before. The only thing we're looking for on the ops side is to avoid infinite headers. It;s set in |
Ah, that's interesting, thanks! I didn't realize that we already bumped |
If the limit is changed, we should coordinate with Cloud to ensure the increase is supported in their routing layer. |
Proposal: Instead of capturing the url prior to SAML redirect into the URL, can we capture the URL into localStorage? This would remove it from the URL and Kibana's web javascript side would just look at the localStorage for a place to jump to after landing back at the SAML auth redirect. Impact:
|
Well, it's not that simple as it may seem since we need to consider a number of things 😉 If you're curious what options we considered and why we come up with what we have now you can follow the discussion here and here. Having said that we have a plan on how to solve it nicely and completely, but we're still missing some pieces from the platform (proper custom standalone HTML views) and security (server-side sessions). It just a matter of time and priority, but we'll eventually get there (luckily only SAML is suffering from this, OpenID Connect and other SSO mechanisms we supoort don't have such issues). |
I mainly suggested this because I use cookies/localStorage for this same purpose with OAuth2 on some internal apps. Thanks for the links to the background! I enjoy reading these kinds of things <3 |
I'm closing this issue since with server-side session we've introduced in 7.10 long URLs is no longer a problem for Kibana's SSO providers (i.e. example from #53464 (comment) works well on 7.10) and Thanks everyone! |
Kibana version: 7.5+ (haven't checked on earlier versions)
Browser version: any browser
Describe the bug: when opening Kibana with a very long query string parameters Kibana returns
400
and logsserver error [11:40:44.623] [error][client][connection] Error: Parse Error
in the terminal. It's a problem for the SAML authentication when we try to grab Kibana URL fragment and pass it to the server within a query string parameter.Steps to reproduce:
'http://localhost:5601/app/kibana?query=' + 'kibana'.repeat(1500)
) on your local Kibana instanceExpected behavior: Either such long URL should be properly processed and forwarded to the handler if any or error should be clear
Errors in browser console (if relevant): no errors visible, only
400
in the browser network tabProvide logs and/or server output (if relevant):
server error [11:40:44.623] [error][client][connection] Error: Parse Error
Any additional context: localhost_Archive [19-12-18 11-45-35].zip
/cc @elastic/kibana-security @restrry
The text was updated successfully, but these errors were encountered: