HTTP 411 when restricting access to MyMPD with a SSO (OpenID/Authentik) #1374
myMPD version: 18.2.1

This is not exactly a bug but rather a how-to in case someone else stumbles upon the same issue some day.

I have a MyMPD instance running on Docker, and I access it using Apache as a reverse-proxy. It works flawlessly but I wanted to prevent unauthorized access using an already existing OIDP I use for several other services: Authentik.

So I've configured a new OAuth/OpenID provider, just like I've done for similar services, and applied the necessary configuration to the vhost in Apache (using

But after reloading the configuration and logging in through Authentik, MyMPD fails to load the page and I can see a weird

Corresponding HAR below (I've removed unnecessary elements).

```json
{
  "request": {
    "bodySize": 78,
    "method": "POST",
    "url": "https://mympd.tld/api/default",
    "httpVersion": "HTTP/1.1",
    "headers": [
      {
        "name": "Host",
        "value": "mympd.tld"
      },
      {
        "name": "User-Agent",
        "value": "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"
      },
      {
        "name": "Accept",
        "value": "*/*"
      },
      {
        "name": "Accept-Encoding",
        "value": "gzip, deflate, br, zstd"
      },
      {
        "name": "Content-Type",
        "value": "application/json"
      },
      {
        "name": "Content-Length",
        "value": "78"
      },
      {
        "name": "Origin",
        "value": "https://mympd.tld"
      },
      {
        "name": "Connection",
        "value": "keep-alive"
      },
      {
        "name": "Cookie",
        "value": "mod_auth_openidc_session=xxxxxxxxxxxxxxxxxxxxxxxx"
      },
      {
        "name": "Sec-Fetch-Dest",
        "value": "empty"
      },
      {
        "name": "Sec-Fetch-Mode",
        "value": "same-origin"
      }
    ],
    "cookies": [
      {
        "name": "mod_auth_openidc_session",
        "value": "xxxxxxxxxxxxxxxxxxxxxxxx"
      }
    ],
    "queryString": [],
    "headersSize": 627,
    "postData": {
      "mimeType": "application/json",
      "params": [],
      "text": "{\"jsonrpc\":\"2.0\",\"id\":161954001,\"method\":\"MYMPD_API_SETTINGS_GET\",\"params\":{}}"
    }
  },
  "response": {
    "status": 411,
    "statusText": "Length Required",
    "httpVersion": "HTTP/1.1",
    "headers": [
      {
        "name": "Date",
        "value": "Sun, 17 Nov 2024 16:48:49 GMT"
      },
      {
        "name": "Server",
        "value": "Apache"
      },
      {
        "name": "Content-Length",
        "value": "0"
      },
      {
        "name": "Via",
        "value": "1.1 mympd.nanawel.homelinux.org"
      },
      {
        "name": "Connection",
        "value": "close"
      }
    ],
    "cookies": [],
    "content": {
      "mimeType": "text/plain",
      "size": 0,
      "text": ""
    },
    "redirectURL": "",
    "headersSize": 225,
    "bodySize": 930
  }
}
```

And on the server side, reading the Docker container's logs, I can see for those calls:

After digging a lot into this issue, I've finally found that the OpenID-related authentication headers added by Authentik/Apache are interfering with the request processing in MyMPD. It seems that Mongoose tries to use these headers although they're not intended for it. The solution is to strip those headers - one by one, thanks to Apache... - in the vhost like so:

Thanks to mitmproxy for being here for that kind of debug session ^^ Hope it could help!

Replies: 1 comment 3 replies

It could be a problem with the number of headers. Mongoose has a limit for this. Thanks for sharing.

I increased the MG_MAX_HTTP_HEADERS for the myMPD build to 50. This should solve your issue. Patch is in the v19.0.0 branch.
Commit c25b1b9
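
The header-limit explanation given in the reply, as an added example that is not part of the original discussion and is not Mongoose or myMPD code: a simplified parser that stores only a fixed number of headers, so a `Content-Length` arriving after many proxy-injected auth headers is never seen. The `X-Auth-Claim-N` names, the lower limit of 30, the 411-on-missing-length rule and the header ordering are assumptions; 50 is the value from the reply.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Simplified model (assumption): at most `cap` header lines are stored, the rest are ignored. */
struct hdr { const char *name; size_t nlen; };

static size_t parse_headers(const char *req, struct hdr *out, size_t cap) {
  size_t n = 0;
  const char *p = strstr(req, "\r\n");            /* end of the request line */
  while (p != NULL && n < cap) {
    p += 2;
    const char *eol = strstr(p, "\r\n");
    if (eol == NULL || eol == p) break;           /* blank line ends the headers */
    const char *colon = memchr(p, ':', (size_t) (eol - p));
    if (colon == NULL) break;                     /* malformed header line */
    out[n++] = (struct hdr) {p, (size_t) (colon - p)};
    p = eol;
  }
  return n;
}

/* Model backend: a POST gets 411 unless Content-Length is among the stored headers. */
static int post_status(const char *req, size_t cap) {
  struct hdr h[64];
  size_t n = parse_headers(req, h, cap > 64 ? 64 : cap);
  for (size_t i = 0; i < n; i++)
    if (h[i].nlen == 14 && strncasecmp(h[i].name, "Content-Length", 14) == 0)
      return 200;
  return 411;
}

/* Constructed request: `injected` placeholder auth headers, then Content-Length (assumed order). */
static const char *build_request(char *buf, size_t size, int injected) {
  size_t off = (size_t) snprintf(buf, size, "POST /api/default HTTP/1.1\r\nHost: mympd.tld\r\n");
  for (int i = 0; i < injected && off < size; i++)
    off += (size_t) snprintf(buf + off, size - off, "X-Auth-Claim-%d: value\r\n", i);
  if (off < size) snprintf(buf + off, size - off, "Content-Type: application/json\r\nContent-Length: 78\r\n\r\n");
  return buf;
}

int main(void) {
  char buf[4096];
  int few = post_status(build_request(buf, sizeof buf, 5), 30);     /* under the limit */
  int many = post_status(build_request(buf, sizeof buf, 40), 30);   /* Content-Length dropped */
  int raised = post_status(build_request(buf, sizeof buf, 40), 50); /* limit raised to 50 */
  printf("few=%d many=%d raised=%d\n", few, many, raised);
  return 0;
}
```

Both fixes in the thread show up in the model: removing the injected headers at the proxy brings the count back under the limit, and raising the limit lets the parser reach `Content-Length`.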