Logging in breaks subsequent requests w/ Authorization header

[dejan9393]

It seems that after logging in, if the authenticated GitLab user belongs to a lot of groups/projects, the JWT that is used in the Authorization header can get to a size large enough to cause net::ERR_CONNECTION_CLOSED errors.
Has anyone else run into this?

[dejan9393]

I've managed to find a workaround by increasing the max http header size in node and a few extra config lines for my reverse proxy (nginx):

Added

# docker-compose.yml

services:
  verdaccio:
    ...
    environment:
      - NODE_OPTIONS=--max-http-header-size=32000

to docker-compose.yml

and

# /etc/nginx/conf.d/verdaccio.conf

server {
  listen 443 ssl;
  ...
  http2_max_field_size 32k;
  http2_max_header_size 32k;
  ...
}

to the server block in my NGINX verdaccio config

[dlouzan]

This looks like a duplicate of #75, we'll be taking a look at this in the next weeks, the integration with verdaccio 4.x will be improved.

Thanks for the nginx extras, that might come handy when documenting solutions for this.