Support Article

Unable to add more than 64 websites in Allowed Websites section

SA-79658

Summary



Unable to add more than 64 websites to the application's Allowed Websites (Image Sources section).
User can add more than 64 rows (websites); however, after adding and checking in the rule, any user which points to the same application cannot access the Pega application.



Error Messages



ERROR - Encountered a StateException attempting to acquire the output stream! 
org.apache.coyote.http11.HeadersTooLargeException: An attempt was made to write more data to the response headers than there was room available in the buffer. Increase maxHttpHeaderSize on the connector or write less data into the response headers.

SECU0009 alerts


Steps to Reproduce

 
  1. Log in to the application.
  2. Open the Application Definition.
  3. Navigate to the Integration and Security tab.
  4. In the Content policy, add a policy and add more than 64 entries in the Image Source.
  5. Save and log off the application.
  6. Relogin to the application.


Root Cause



An issue in the custom application code or rules.

From the Tomcat documentation, the user can set the maxHTTPHeaderSize. If it is not set, then it defaults to 8 KB (maxHttpHeaderSize: The maximum size of the request and response HTTP header, is specified in bytes. If not specified, this attribute is set to 8192 (8 KB).


Resolution



Perform the following local-change:

For alerts, maintain a short list and add only those URLs that are frequently used. The setting of maxHttpHeaderSize is by default 8KB.

When the maxHttpHeaderSize is increased and more URLs are added to the list, the maxHttpHeaderSize must also be increased.

It is recommended to use wild cards and to reduce the list.

Published May 13, 2019 — Updated May 22, 2019

Have a question? Get answers now.

Visit the Pega Support Community to ask questions, engage in discussions, and help others.