Closed Bug 1740735 Opened 4 years ago Closed 2 years ago

Scotiabank error Bad Request "Size of request header field exceeds server limit."

Categories

(Core :: Networking, defect, P2)

Product:
Core
Component:
Networking
Platform:
x86_64
Linux
Type:
defect

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: overholt, Unassigned)

Details

(Whiteboard: [necko-triaged])

This could be a server-side issue and I've alerted them BUT:

STR

  • have an account with Scotia Bank
  • log into scotiaonline.scotiabank.com
  • click on an account to get details

Expected

  • account details (works in Chrome)

Actual

  • 400 Bad Request: "Your browser sent a request that this server could not understand. Size of request header field exceeds server limit."

94.0.1 on Fedora (but mozilla.org release, not the Fedora-supplied build)

disclaimer please check for sensitive information before sharing anything! You can share information privately as well by emailing necko@mozilla.com. :)

If you can still reproduce this, could you:

  1. Have the network inspector open when you initiate the offending request, and share the request headers that you can see?
  2. Capture a http log
Flags: needinfo?(overholt)

I was about to do this but it looks like they've fixed it on their side :) Thanks!

Status: NEW → RESOLVED
Closed: 4 years ago
Flags: needinfo?(overholt)
Resolution: --- → WORKSFORME

This started happening again so I looked through the Request headers. Nothing seemed out of place to me so I cleared the cookies and it started working again. Is this expected?

Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---

What I would do if I had an account, at the moment this is happening.

  1. Save the request headers sent to the server for the URL which is failing and maybe the body if it's a HTTP POST and save the response headers too.
  2. I would not clear the cookies
  3. Open a new fresh profiles with Nightly "about:profiles"
  4. Try to log to the bank again and do the thing which is just failing and save the request headers.

Compare side by side the HTTP headers to see if there is really anything abnormal in between the two.

btw I don't have the feeling this is a specific issue of Firefox. There's a flurry of issues similar for different browsers.
https://duckduckgo.com/?q=%22Bad+Request+Your+browser+sent+a+request+that+this+server+could+not+understand.+Size+of+a+request+header+field+exceeds+server+limit%22&t=ffab&ia=web

This seems to be sent by Apache servers and depends on the local configuration of LimitRequestFieldSize

What could be interesting is there is a strong different cookie sizes limits in between browsers.
or when Firefox navigates Scotia Bank, the information being sent in cookies is accumulating differently than in Chrome/Safari?

Browser cookies limits is around 4Ko (with nuances). Mike Taylor tested this recently.

https://github.com/httpwg/http-extensions/issues/1340
with some clarifications https://github.com/httpwg/http-extensions/pull/1563/files

and Chrome intent to ship
https://groups.google.com/a/chromium.org/g/blink-dev/c/0N5BePVCPVo
and WPT
https://bugs.chromium.org/p/chromium/issues/detail?id=1223516

It could be a site bug as well as a Firefox bug.
Note that when using about:networking#logging to capture the logs you should add cookie:5 to the log modules.
Thanks!

Severity: -- → S3
Priority: -- → P2
Whiteboard: [necko-triaged]

Please reopen if this is still happening.

Status: REOPENED → RESOLVED
Closed: 4 years ago2 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.