Maximal header field length is not configurable

[filmor]

Long story short

When connecting with Internet Explorer using SSPI to our aiohttp server we saw that it sends tokens in the Negotiate header that are longer than the statically configured maximal length of 8 KiB. It would be helpful to allow this value to be configured in the application, as currently we have

Expected behaviour

Request with a header field longer than 8192 bytes gets handled.

Actual behaviour

We receive a LineTooLong exception (see traceback). Also note, that this triggers a failure in the error logging as the headers member has not been written at that time.

Traceback (most recent call last):
  File "d:\Miniconda3\envs\kerberos_test\lib\site-packages\aiohttp\server.py", l
ine 247, in start
    message = yield from httpstream.read()
  File "d:\Miniconda3\envs\kerberos_test\lib\site-packages\aiohttp\streams.py",
line 591, in read
    result = yield from super().read()
  File "d:\Miniconda3\envs\kerberos_test\lib\site-packages\aiohttp\streams.py",
line 446, in read
    yield from self._waiter
  File "d:\Miniconda3\envs\kerberos_test\lib\asyncio\futures.py", line 358, in _
_iter__
    yield self  # This tells Task to wait for completion.
  File "d:\Miniconda3\envs\kerberos_test\lib\asyncio\tasks.py", line 290, in _wa
keup
    future.result()
  File "d:\Miniconda3\envs\kerberos_test\lib\asyncio\futures.py", line 274, in r
esult
    raise self._exception
  File "d:\Miniconda3\envs\kerberos_test\lib\site-packages\aiohttp\parsers.py",
line 139, in feed_data
    self._parser.send(data)
  File "d:\Miniconda3\envs\kerberos_test\lib\site-packages\aiohttp\protocol.py",
 line 201, in __call__
    headers, raw_headers, close, compression = self.parse_headers(lines)
  File "d:\Miniconda3\envs\kerberos_test\lib\site-packages\aiohttp\protocol.py",
 line 114, in parse_headers
    'limit request headers fields size')
aiohttp.errors.LineTooLong: 400, message='got more than Unknown bytes when readi
ng limit request headers fields size'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "d:\Miniconda3\envs\kerberos_test\lib\site-packages\aiohttp\helpers.py",
line 365, in log
    [message, environ, response, transport, time]))
  File "d:\Miniconda3\envs\kerberos_test\lib\site-packages\aiohttp\helpers.py",
line 352, in _format_line
    return tuple(m(args) for m in self._methods)
  File "d:\Miniconda3\envs\kerberos_test\lib\site-packages\aiohttp\helpers.py",
line 352, in 
    return tuple(m(args) for m in self._methods)
  File "d:\Miniconda3\envs\kerberos_test\lib\site-packages\aiohttp\helpers.py",
line 301, in _format_i
    return args[0].headers.get(multidict.upstr(key), '-')
AttributeError: 'NoneType' object has no attribute 'headers'

Steps to reproduce

Request something with a header > 8k in length.

Your environment

We use a conda environment with Python 3.5 on Windows, using the latest aiohttp package from PyPI.

[djmitche]

I have fixed the secondary error, but I'm not sure what the preferred interface would be for configuring these lengths. Should the configuration values be passed to Application()? to run()? Should the user have to send a custom RequestHandlerFactory class? Or something else?

[asvetlov]

I believe it should be ServerHttpProtocol constructor keyword-only parameter.
User may change it by passing a flag into app.make_handler(...) call.

run_app is just a syntax sugar, I don't care about it too much.

[asvetlov]

Fixed by #912

[lock]

This thread has been automatically locked since there has not been
any recent activity after it was closed. Please open a new issue for
related bugs.

If you feel like there's important points made in this discussion,
please include those exceprts into that new issue.