Datatables in DT::datatables(R cran) are throwing a 503 error with oversized headers...

Datatables in DT::datatables(R cran) are throwing a 503 error with oversized headers...

kramerrskramerrs Posts: 5Questions: 1Answers: 0

I get a 503 error when the browser request contains oversized cookies, causes my entire application to crash. My environment is saml SSO so I don't have control over the cookies that are transmitted. I can verify this by editing an unrelated cookie from the same domain in the browser then reloading the page. A large cookie causes the web page to display the 500 ajax error and crashes the Shiny application. I believe this is a data tables issue because the log show the app_proxy endpoint. I have updated to the most recent version of Datatables and the cookie that is edited are unrelated to the functionality of Datatables.

Answers

  • allanallan Posts: 60,903Questions: 1Answers: 9,927 Site admin

    I would suggest you ask the Shiny DataTables developers. That is not us - I think this might be the right place to address your query.

    DataTables core does not use cookies (it used to a very long time ago for state saving, but localStorage is used now). So the cookie must come from the Shiny app (although I don't know why they would be setting a cookie and a code search on their repo shows they don't appear to be doing so).

    In fact, during that search I see you have posted the question there.

    I would suggest you look at the contents of the cookies and find out what it seeing them.

    Allan

  • kramerrskramerrs Posts: 5Questions: 1Answers: 0

    Hi allan,

    I wasn't sure, and went ahead and posted to the shiny forums however....

    To be clear....

    I saw that datatables no longer uses cookies. The issue is with handling cookies from other sites in the headers. If that makes any difference.

  • allanallan Posts: 60,903Questions: 1Answers: 9,927 Site admin

    I'm not clear on how cookies from other sites is an issue for DataTables? Do you mean other sites / pages have set cookies which are so long they are over the 4K limit for cookies and the Ajax request DataTables is making is failing because of that? Surely all requests will fail if so? DataTables doesn't attempt to handle cookies at all, so if there is an error in the cookies, it is whatever is setting them.

    Allan

  • kramerrskramerrs Posts: 5Questions: 1Answers: 0

    Yes, it is the other cookies causing various issues, in the ajax http request. I can get several errors just by adding a cookie and varying the length. One as you alluded to, the 4K limit, the browser shows the cookie in red when I do this. One happens that is slightly shorter I get a 503 error from the endpoint itself, where the cookie is not red in the browser developer section.

    503 the messages hits the endpoint, but the server is unable to parse the message.

    and yet another is a 400 error. Likely somewhere else in the proxy router, likely due to an overall size of the http request, by adding numerous large cookies.

  • allanallan Posts: 60,903Questions: 1Answers: 9,927 Site admin

    I'm afraid it will take a dive into whatever is setting the cookies in that case. Sorry we can't help any further with that.

    Allan

  • kramerrskramerrs Posts: 5Questions: 1Answers: 0

    Hi allan, as this is an SSO environment, they are on my domain, I don't have control what others are putting in the cookies very much, except to pull some router wizardry, which isn't a bad idea. However, I suspect I and others may have encountered this error before.

    Explicitly a cookie with length 3979 named test will cause a 503 error to be thrown by the datatables app_proxy ajax endpoint.

    I don't believe that is over the 4k limit in the standard, as the browser doesn't mark this as a bad cookie.

    I tested this in a private browser with a minimum of other cookies.
    A spring boot session id at 50bytes, SAML auth cookie at 1565, a router session cookie at 35, a saml session cookie at 1132, a google analytics cookies at 51 and 30.

    I can delete the cookie and the page will load and function properly.

  • kramerrskramerrs Posts: 5Questions: 1Answers: 0

    FYI

    It seems to be an issue with the total length of the header, as a combination of smaller cookies can cause the 503.

  • allanallan Posts: 60,903Questions: 1Answers: 9,927 Site admin

    I'm honestly not sure I can contribute anything to the discussion here. DataTables doesn't use cookies.

    I can say that the 4K limit is all cookies combined together. Not 4K per cookie.

    Allan

Sign In or Register to comment.