1. Overview

1.概述

Spring Boot web applications include a pre-configured, embedded web server by default. In some situations, though, we’d like to modify the default configuration to meet custom requirements.

Spring Boot网络应用程序默认包含一个预先配置的嵌入式 Web 服务器。但在某些情况下，我们希望修改默认配置以满足自定义需求。

In this tutorial, we’ll see how to set and use the max-http-header-size property for request headers in the application.properties file in a Spring Boot 2.x application.

在本教程中，我们将看到如何在Spring Boot 2.x应用程序的application.properties文件中为请求头设置和使用max-http-header-size属性。

2. Max-HTTP-Header-Size

2.最大HTTP报头尺寸

Spring Boot supports Tomcat, Undertow, and Jetty as embedded servers. In general, we write the server configurations inside the application.properties file or application.yaml file in a Spring Boot application.

Spring Boot支持Tomcat、Undertow和Jetty作为嵌入式服务器。一般来说，我们在Spring Boot应用程序中的application.properties文件或application.yaml文件内编写服务器配置。

Most web servers have their own set of size limits for HTTP request headers. The HTTP header values are restricted by server implementations. In a Spring Boot application, the max HTTP header size is configured using server.max-http-header-size.

大多数网络服务器对HTTP请求头都有自己的一套大小限制。HTTP头的值受服务器实现的限制。在Spring Boot应用程序中，最大的HTTP头大小是用server.max-http-header-size配置的。

The actual default value for Tomcat and Jetty is 8kB, and the default value for Undertow is 1MB.

Tomcat和Jetty的实际默认值是8kB，而Undertow的默认值是1MB。

To modify the max HTTP header size, we’ll add the property to our application.properties file:

为了修改HTTP头的最大尺寸，我们将在application.properties文件中添加该属性。

server.max-http-header-size=20000

Likewise for the application.yaml format:

同样，application.yaml格式也是如此。

server:
    max-http-header-size: 20000

From Spring Boot 2.1, we’ll now use a DataSize parsable value:

从Spring Boot 2.1开始，我们现在将使用一个DataSize可解析值。

server.max-http-header-size=10KB

3. Request Header Is Too Large

3.请求标头过大

Suppose a request is sent where the total HTTP header size is larger than the max-http-header-size value. The server rejects the request with a “400 Bad request” error. We’ll see this error in our log file in the next example.

假设一个请求被发送，其中HTTP头的总大小大于max-http-header-size值。服务器以 “400 Bad request “错误拒绝该请求。我们将在下一个例子中的日志文件中看到这个错误。

Let’s create a controller which has a header property called token:

让我们创建一个控制器，它有一个名为token的标题属性。

@RestController
@RequestMapping(value = "/request-header-test")
public class MaxHttpHeaderSizeController {
    @GetMapping
    public boolean testMaxHTTPHeaderSize(@RequestHeader(value = "token") String token) {
	return true;
    }
}

Next, let’s add some properties to our application.properties file:

接下来，让我们向我们的 application.properties文件添加一些属性。

## Server connections configuration
server.tomcat.threads.max=200
server.connection-timeout=5s
server.max-http-header-size=8KB
server.tomcat.max-swallow-size=2MB
server.tomcat.max-http-post-size=2MB

When we pass a String value that has a size greater than 8kb in the token, we’ll get the 400 error as below:

当我们在token中传递一个大小超过8kb的String值时，我们会得到如下的400错误。

And in the log, we see the below error:

而在日志中，我们看到以下错误。

19:41:50.757 [http-nio-8080-exec-7] INFO  o.a.coyote.http11.Http11Processor - Error parsing HTTP request header
 Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Request header is too large
...

4. Solution

4.解决办法

We can increase the value of the max-http-header-size property in our application.properties file as per our requirements.

我们可以在application.properties文件中根据我们的要求增加max-http-header-size属性的值。

In the above program, we can upgrade its value from the default 8kb to 40KB, which will resolve the problem.

在上述程序中，我们可以将其数值从默认的8kb提升到40kb，这样就可以解决这个问题。

server.max-http-header-size=40KB

server.max-http-header-size=40KB。

Now, the server will process the request and send back a 200 response as below:

现在，服务器将处理该请求并发回一个200响应，如下所示。

Hence, whenever the header size exceeds the default values listed by the server, we’ll see the server returns a 400-Bad Request with an error “request header is too large”. We have to override the max-http-header-size value in the application configuration file to match the request header length, as we see in the above example.

因此，只要头的大小超过了服务器列出的默认值，我们就会看到服务器返回一个400-Bad Request，错误是 “请求头太大了”。我们必须覆盖应用程序配置文件中的max-http-header-size值，以匹配请求头的长度，正如我们在上面的例子中看到的那样。

In general, a request header might become too large when for example, the token used is very long due to encryption.

一般来说，请求头可能会变得太大，例如，由于加密，使用的令牌非常长。

5. Conclusion

5.总结

In this tutorial, we’ve learned how to use the max-http-header-size property in the application configuration files of our Spring Boot application.

在本教程中，我们已经学会了如何在Spring Boot应用程序的配置文件中使用max-http-header-size属性。

Then, we saw what happens when we pass a request header exceeding this size and how to increase the size of max-http-header-size in our application.properties.

然后，我们看到当我们传递的请求头超过这个尺寸时会发生什么，以及如何在我们的application.properties中增加max-http-header-size的尺寸。

As always, the source code for these examples is available over on GitHub.

一如既往，这些示例的源代码可在GitHub上获得。