Large Headers #336

Open
jsmueller7 opened this issue Dec 10, 2024 · 2 comments

@jsmueller7

With the implementation of the new implicit Auth Flow, the cookie has grown further. This can cause problems. At the moment, I see these mainly with SAML authentication, but I think that Keycloak logins will also be affected.

I am aware of this issue and the solution: supabase/realtime#761. However, there are problems that go beyond this: Specifically, it concerns the connection to the realtime web socket as well as IIIF requests (at least in the self-hosted IIIF setup); these connections fail due to the header being too large.

I have found a workaround by having Kong remove the cookie from these paths, since the cookie isn't used anyways. Would it be worth considering not sending the cookie at all when requests are sent to Supabase? As far as I know, Apikey and Authorization are the headers that are relevant here.
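
One way to express the workaround described above, as an added example that is not part of the original post or the project's own configuration: a Kong declarative config that uses the `request-transformer` plugin to drop the `Cookie` header on the two affected routes. The service names, upstream URLs and route paths are assumptions and must be matched to the deployment's own `kong.yml`.

```yaml
# Added example (not the project's kong.yml). Kong declarative config, DB-less mode.
# All names, upstream URLs and paths below are assumed placeholders.
_format_version: "2.1"

services:
  - name: realtime-v1                      # assumed service name
    url: http://realtime:4000/socket       # assumed upstream for the realtime web socket
    routes:
      - name: realtime-v1-all
        strip_path: true
        paths:
          - /realtime/v1/                  # assumed route path
    plugins:
      # Scoped to this service only, so routes that rely on the session
      # cookie keep receiving it.
      - name: request-transformer
        config:
          remove:
            headers:
              - Cookie                     # removed before proxying; apikey and
                                           # Authorization are passed through unchanged

  - name: iiif                             # assumed service name (self-hosted IIIF)
    url: http://iiif:8182/                 # assumed upstream
    routes:
      - name: iiif-all
        strip_path: false
        paths:
          - /iiif/                         # assumed route path
    plugins:
      - name: request-transformer
        config:
          remove:
            headers:
              - Cookie
```

The plugin runs after Kong has already parsed the request, so this only helps when the upstream service is the component rejecting the header; the request still has to fit within Kong's own header buffers. Confirm that each upstream authenticates on `apikey` or `Authorization` alone before stripping the cookie on its route.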

@rsimon
Member

rsimon commented Dec 10, 2024

Hm, I'm not sure how difficult that would be. In general: the cookie is managed automatically by the Supabase client, so I doubt we could interfere - without risking unwanted consequences.

Once a Cookie is set, I believe it will also go along with each request (to the same domain). So, likewise, trying to toggle it on and off would probably be a risky (and significant) intervention.

@jsmueller7
Author

All right. It seems to be more a Supabase issue then. There is an open issue on this: supabase/realtime#1244
