5791: Login page might trigger upstream sent too big header error in NGINX - Composr CMS feature tracker

ID	Project	Category	View Status	Date Submitted	Last Update

5791	Composr	core	public	2024-06-28 02:44	2024-10-26 17:10

Reporter	PDStig	Assigned To	Guest
Priority	high	Severity	minor
Status	new	Resolution	open
Product Version	11.alpha4

Summary	5791: Login page might trigger upstream sent too big header error in NGINX
Description	The login page on one of my v11 sites triggers "upstream sent too big header" from NGINX (proxied with PHP-FPM / Apache) when trying to log in. Many online resources suggest increasing the buffer size. I believe this is bad practice. The issue is likely Composr and that we need to reduce the headers sent by it. Possibly CSP is the culprit? Investigate this and fix as necessary.
Tags	Roadmap: v11
Attach Tags	(Separate by ",")

Time estimation (hours)
Sponsorship open

Date Added	Member	Amount Sponsored

admin 2024-06-28 02:44 administrator ~8844	Automated message: This issue was created using the Report Issue Wizard on the Composr homesite.

PDStig 2024-09-06 01:27 administrator ~9298	CSP is definitely the culprit. But it is mainly because of all the non-bundled addons.

PDStig 2024-10-26 17:10 administrator ~9532	Nope, it has nothing to do with non-bundled addons. This happens on enquire on new IPs when someone tries to log in and needs to verify their IP address.

View Status	Private (for security issues or disclosing of private information; if you submit as a guest, you will not be able to see your submission)
Note
Upload Files Maximum size: 32,768 KiB	Attach files by dragging & dropping, selecting or pasting them.
You are not logged in	You are not logged in. This means you will not get any e-mail notifications. And if you reply, we will not know for sure you are the original poster of the issue.

Date Modified	Username	Field	Change
2024-07-25 22:23	Chris Graham	Tag Attached: Roadmap: v11
2024-09-06 01:27	PDStig	Note Added: 0009298
2024-10-26 17:10	PDStig	Note Added: 0009532