Output can exceed header size limit

[mbolli]

I got a really indescriptive error message in my logs:

[Wed Apr 10 09:33:24.816821 2024] [proxy_fcgi:error] [pid 730003] [client 10.0.0.32:52632] Premature end of script headers: index.php, referer: http://xxx
[Wed Apr 10 09:33:24.816849 2024] [proxy_fcgi:error] [pid 730003] [client 10.0.0.32:52632] AH01070: Error parsing script headers, referer: http://xxx
[Wed Apr 10 09:33:24.816856 2024] [proxy_fcgi:error] [pid 730003] (22)Invalid argument: [client 10.0.0.32:52632] AH01075: Error dispatching request to : , referer: http://xxx

After some debugging I found that the Server-Timing header was way too large, due to having too many timing entries.

On most apache configurations, the LimitRequestFieldSize variable is around 8 KB, although I don't know of a way to read it in PHP.

My proposal here is to introduce a configurable option of e.g. maxHeaderSize. This rule would be best enforced in front of this line probably:

server-timing-middleware/src/ServerTimingMiddleware.php

Line 139 in 411b5a6

return $header = (string) preg_replace("/, $/", "", $header);

[tuupola]

Dorry did not see this earlier. I need to read the spec a bit and think about this. Probably could split the data to multiple Server-Timing headers.

[DanielRuf]

Some additional information: I think (I did not verify this) HPACK also reduces the bytes needed for the response, when multiple header fields are used.