Some Microsoft sites returning Bad Request in Google Chrome

Some Microsoft sites returns the following HTTP error in Google Chrome only 

Bad Request  Error parsing headers: 'limit request headers fields size'

Example Microsoft URL that returns a Bad Request
https://t.co/gWCNCg4an9

which expands to 

https://openedx.microsoft.com/courses/course-v1:Microsoft+AZURE202x+2017_T2/about

This is new Microsoft Learning site hosted on Azure (Microsoft's cloud service) using Open e dX^[3] an open source training platform from Harvard and MIT. 


^[1][2]

Explanation

This is normally caused by having a very large Cookie being used that exceeds the limit set for the Web Server, serving the page.

In other words the developer of site created a very large Cookie, without testing this properly on the Web Server that website is running on. This is known as edge testing and can be part of IST (Integration System Testing).

Solution

This is not a cookie issue. As of May 4th, 2017 https://openedx.microsoft.com/^[4] had this error in Chrome.

However, for other sites clear you cookies for that domain will do the trick.
You can check this using this my post^[5] on "This site can't be reached", to clear multiple cookies.

In Mozilla Firefox, for the site https://openedx.microsoft.com/ sets a csrftoken cookie, but not in Chrome. Chromes doesn't even have a chance to set a cookie yet. 

https://openedx.microsoft.com/ is running on Nginx server.  Read my post on how to get the server manufacturer.

This error will be resolved quickly, because they cannot negate Chrome representing 60% of market share^[8] for long.

User Microsoft IE or Mozilla Firefox browser instead.

^[6][7]

Why NGIX Server Hosted Websites? 

Lately the Bad Request error is occurring many times on Microsoft and Microsoft Affiliated Websites when using Chrome.

One began to suspect that this was a ploy by Microsoft to generate traffic for IE. However, most likely its just poor developer testing.

For  sites hosted on NGIX servers, this header buffer size^[9] is only 8k. 

Syntax:	large_client_header_buffers number size;
Default:	large_client_header_buffers 4 8k;
Context:	http, server

What generally happens is that all the cookies used by your site get combined into one header and that may cause you to go over the default limit which is 8192 bytes.

This is a tricky error to catch as it only affects people who have cookies over the allotted capacity. Some of your users might experience issues when their cookie size exceeds 8k or like in my case, some pages that set additional cookie value might push you over the limit.

In the first scenario once the user has cookies that are over the limit they wont be able to use the site any more while other users might access the same pages with no problem while their cookies are under the limit. 

Why Microsoft Websites?

In some instances, when authentication is required by a site using Microsoft Live credentials, Bad Request error was showing up.

Microsoft Sites and affiliated sites use common infrastructure for their credential store using Microsoft Passport, which lets users authenticate to a Microsoft account, an Active Directory account, a Microsoft Azure Active Directory (AD) account, or non-Microsoft service that supports Fast ID Online (FIDO) authentication.

According to the official the Microsoft definition for Bad Request[10] for IIS Web Server for following reason;  

Kerberos authentication token for the user increases in size. The HTTP request that the user sends to the IIS server contains the Kerberos token in the WWW-Authenticate header, and the header size increases as the number of groups goes up.  If the HTTP header or packet size increases past the limits configured in IIS, IIS may reject the request and send this error as the response.

So if the authentication token is too big, it would cause the Bad Request error. However, this problem peaked about 2 years ago and now has subsided, but mentioned for completeness.

So we are left with the remaining reason; generally no funds or time to do the right testing.

The default Microsoft IIS Web Server Header Limits is 64K, which is quite sufficient, but can break, if integrated systems testing is not part of the project plan

For Microsoft IIS HTTP Server, this limit is set by Header Limits <headerLimits> directive (default 64K). The Header Limits <headerLimits>  directive allows the Web server administrator to reduce or increase the limit on the allowed size of an HTTP request header field. The  element of the  collection contains a collection of elements that specify the maximum size in bytes for HTTP headers. 

Chrome Acceptance Header Size  (not the problem)

Chrome can accept a header size of max 256Kb. 

Actual limit seems to be 256KB for the whole HTTP header. Error message appears: "Error 325 (net::ERR_RESPONSE_HEADERS_TOO_BIG): Unknown error."

References

1. ^{^} https://t.co/gWCNCg4an9 (t.co)
2. ^{^} https://openedx.microsoft.com/courses/course-v1:Microsoft+AZURE202x+2017_T2/about (openedx.microsoft.com)
3. ^{^} Open edX (open.edx.org)
4. ^{^} https://openedx.microsoft.com/ (openedx.microsoft.com)
5. ^{^} post (metadataconsulting.blogspot.ca)
6. ^{^} https://openedx.microsoft.com/ (openedx.microsoft.com)
7. ^{^} Nginx (www.nginx.com)
8. ^{^} 60% of market share (www.netmarketshare.com)
9. ^{^} header buffer size (nginx.org)
10. ^{^} Bad Request (support.microsoft.com)

Source: feedproxy.google.com

Related Posts To Some Microsoft sites returning Bad Request in Google Chrome

Some Microsoft sites returning Bad Request in Google Chrome 2017-05-10T07:00:00-07:00 Rating: 4.5 Posted by: oliv7081