I'm getting errors in the JS client (404), and an error on the server which states that it's probably a 404.15, which is query string too long).
Now, as far as I can ascertain, when using SignalR, the bearer token has to be sent in the query string, and the length of the query string in this case is 2098 chars (full URL is 2184!).
These are both more than the Edge limit of 2086, and the issue did seem to occur on Edge first.
However, apparently there is an IIS default limit of 2048, but it can be increased in web.config!
- Web app in browser is JS Angular app
- SignalR Hub running on .NET 8 server in an Azure web app (not using Azure Signal Service)
- Getting token from MSAL on JS client
Now, if I increase the allowed size using
<security>
<requestFiltering>
<requestLimits maxUrl="4096" maxQueryString="4096" />
</requestFiltering>
</security>
then all seems to be well!
But, I'm worried that the Edge limits may kick in at some point, especially as the token we are using is for a relatively small email address/user name and has no additional claims.
It also seems to me that 1000's of other devs are doing exactly what we are doing!
I also have a .NET 8 Blazor app that is doing:
var hubConnectionBuilder = new HubConnectionBuilder()
.WithUrl(HubUrl, options =>
{
options.CloseTimeout = TimeSpan.FromSeconds(120);
if (!string.IsNullOrEmpty(token?.Value))
options.AccessTokenProvider = () => Task.FromResult(token.Value);
options.Transports = HttpTransportType.WebSockets;
and that is also sending the token as a query string (although its "only" 1800 chars long).
Am I the only person to have this issue, and if so what am I doing wrong?
Or, is there an easy solution that everyone is using?
