Kibana server fails to handle long query string parameters

[azasypkin]

Kibana version: 7.5+ (haven't checked on earlier versions)

Browser version: any browser

Describe the bug: when opening Kibana with a very long query string parameters Kibana returns 400 and logs server error [11:40:44.623] [error][client][connection] Error: Parse Error in the terminal. It's a problem for the SAML authentication when we try to grab Kibana URL fragment and pass it to the server within a query string parameter.

Steps to reproduce:

1. Open this link (e.g. 'http://localhost:5601/app/kibana?query=' + 'kibana'.repeat(1500)) on your local Kibana instance
2. Observe a white screen in browser
3. Observe error in the terminal

Expected behavior: Either such long URL should be properly processed and forwarded to the handler if any or error should be clear

Errors in browser console (if relevant): no errors visible, only 400 in the browser network tab

Provide logs and/or server output (if relevant): server error [11:40:44.623] [error][client][connection] Error: Parse Error

Any additional context: localhost_Archive [19-12-18 11-45-35].zip

/cc @elastic/kibana-security @restrry

[elasticmachine]

Pinging @elastic/kibana-platform (Team:Platform)

[pgayvallet]

The actual error:

{ [Error: Parse Error]
  bytesParsed: 8192,
  code: 'HPE_HEADER_OVERFLOW',

obtained by adding debug logging from

kibana/src/core/server/http/http_tools.ts

Lines 109 to 113 in 1c415e0

	server.listener.on('clientError', (err, socket) => {
	if (socket.writable) {
	socket.end(Buffer.from('HTTP/1.1 400 Bad Request\r\n\r\n', 'ascii'));
	} else {
	socket.destroy(err);

No associated stack trace, unfortunately.

From https://stackoverflow.com/questions/35328725/hpe-header-overflow-exception-when-make-http-request this is directly related to node parser.

Starting with node --max-old-space-size=8000 --max-http-header-size=80000 scripts/kibana.js --no-base-path --dev fixes the issue.

This is related to operations, not platform. Not sure we should do anything though. Very long urls are a bad practice, can be problematic for some proxies/middlewares (such as IIS), and that's basically what payloads are for.

[elasticmachine]

Pinging @elastic/kibana-operations (Team:Operations)

[mshustov]

@pgayvallet Shouldn't we log clientError at least? Otherwise, an exception is swallowed and users have no idea how to solve their problem.

[pgayvallet]

We should probably do so.

I couldn't find where (in the legacy I guess?) the trapped error log
(server error [11:40:44.623] [error][client][connection] Error: Parse Error)
is coming from. We should probably remove it and handle low-level server errors in NP instead.

[azasypkin]

Thanks for investigation! Since it's a natural limit of NodeJS we'll see how we can handle our specific SAML issue without hitting this limit instead in #53478. Looks like this issue isn't really actionable apart from adding a better logging.

[jbudz]

We can bump the limit if needed - we have done once before. The only thing we're looking for on the ops side is to avoid infinite headers. It;s set in bin/kibana