Scanner returns HPE_HEADER_OVERFLOW at startup

[RichardDavies]

Recently when running lando start the scanner for one of our websites started returning red URLs with HPE_HEADER_OVERFLOW errors, despite the fact that the URLs all load just fine in the browser.

It appears this error is related to exceeding a max header size of 16 KB in Node.js.

Sure enough, I looked and our site had 17 KB of headers due to somewhat lengthy content-security-policy, surrogate-key, and x-drupal-cache-tags headers. I tried turning off the CSP header which reduced the size to about 16 KB and now the URLs are green again when I restart Lando.

Is there any way to adjust the max header size allowed by the scanner?

[AaronFeledy]

Not sure if lando's built-in Node respects the environment variable, but does this work?

NODE_OPTIONS='--max-http-header-size=32000' lando start

[RichardDavies]

No, that didn't work. I think that environment variable (or command line argument) needs to be set internally in Lando's scanner environment, but I don't know how to do that.

[AJV009]

FACING THE SAME issue!

[RichardDavies]

FYI I was able to work around this issue by configuring the URL scanner to check a different URL than my homepage. I pointed it to my login URL which has fewer HTTP headers since it's not cached.

.lando.yml

services:
  appserver_nginx:
    scanner:
      path: /user/login

[reynoldsalec]

Ah, that is interesting, going to move this over to the lando/core issues, would be nice to have some sort of way to work around long headers but still report back the response code.