Problem statement
When calling the “/userinfo” endpoint, it returns a "Request Header or Cookie Too Large"
error.
Symptoms
Error Message: Request Header or Cookie Too Large
- Error seems to be returned from Nginx
Cause
- Auth0 has a hard limit on the header size (8k), and if the header size exceeds that limit, you will see an error returned from Nginx (reverse proxy software Auth0 uses for its APIs) saying “Request Header or Cookie Too Large”.
Solution
Having an Access Token with too many scopes can bloat the size of the Access Token. However, there can be several other cases that can cause this error.
- Cookie size in the Request Header.
- You are using a Custom Domain with a Reverse Proxy that’s adding additional cookies to the Request Header.
There are also some cases where this error can be reproduced in Postman. Postman adds a cookie to the request headers, and it’s not possible to remove that cookie from the request.
The solution to this issue is to reduce the size of request headers. Ideally, removing any unnecessary cookies and request headers will help fix the issue.