Add HTTP header size guideline to production deployment checklist#11601
Add HTTP header size guideline to production deployment checklist#11601dushaniw wants to merge 3 commits into
Conversation
Documents that the default maxHttpHeaderSize on the HTTP and HTTPS Tomcat connectors is 32 KB, and calls out the requirement to keep it >= 32 KB on the ACP node when Multi-Option Authentication is used for federated portal logins. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
|
Warning Review limit reached
Next review available in: 20 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (5)
📝 WalkthroughWalkthroughAdds an “HTTP header size” row to the production deployment checklist. It documents the 32 KB Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
Adds guidance to the production deployment checklist about ensuring sufficient HTTP header/request size capacity for federated portal logins (notably Multi-Option Authentication), and updates the checklist table row striping after inserting the new entry.
Changes:
- Adds a new “HTTP header size” checklist row with background/context and a
deployment.tomloverride snippet. - Highlights a minimum
maxHttpHeaderSizerequirement (32 KB) to avoid broken federated login redirects. - Adjusts subsequent table row
odd/evenclasses to preserve zebra striping.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
`@en/docs/install-and-setup/setup/deployment-best-practices/production-deployment-guidelines.md`:
- Around line 122-140: Align the maxHttpHeaderSize default consistently: update
the transport templates and config catalog from 8192 to 32768, matching the
documentation and generated configuration, or revise the documentation to apply
only to the release that changes the default. Locate the relevant
maxHttpHeaderSize entries in the transport configuration templates and config
catalog and update them together.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: e8a2ac07-5d67-4664-986c-779b45379956
📒 Files selected for processing (1)
en/docs/install-and-setup/setup/deployment-best-practices/production-deployment-guidelines.md
Co-authored-by: Copilot Autofix powered by AI <[email protected]>
- Bump maxHttpHeaderSize default to 32768 in transport TOML templates and configs.json for both HTTP and HTTPS transports. - Regenerate config-catalog.md via the config-catalog-generator tool. - Add a description for maxHttpHeaderSize explaining the ACP + Multi-Option Authentication constraint. - Fix <APIM_HOME> -> <API-M_HOME> and APIM -> API-M for consistency with surrounding docs. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
| </div> | ||
| <div class="param-description"> | ||
| <p>Use this parameter to enable MTOM (Message Transmission Optimization Mechanism) for the product server.</p> | ||
| <p>Use this paramater to enable MTOM (Message Transmission Optimization Mechanism) for the product server.</p> |
There was a problem hiding this comment.
Some corrected spellings have been altered in this file. Let's revert the spelling changes and keep the config change only.
Summary
en/docs/install-and-setup/setup/deployment-best-practices/production-deployment-guidelines.md.maxHttpHeaderSizeon the HTTP and HTTPS Tomcat connectors is 32 KB (32768 bytes).deployment.tomloverride snippet and a note to align upstream reverse proxy / load balancer / ingress / CDN header limits to at least 32 KB.Related
Test plan
🤖 Generated with Claude Code