URL getting truncated at 255 characters

Question

I have a JavaScript widget which communicates with my Rails app by creating tags in the DOM. Every once in a while, I see a malformed request in my server logs, where the URL is truncated at 255 characters:

http://myapplication.example/mycontroller/1/myaction?hostname=www.mycustomer.example&request[param_a]=3&request[param_b]=1&request[param_c]=0&request[param_d]=0&request[param_e]=3&request[param_f]=1&request[param_g]=4&request[param_h]=0&request[param_i]=5&request

From Google and Stackoverflow (http://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-an-url), it looks like 255 characters is not a valid limit on URLs.

Here's what I know:

• This is a sporadic problem, it does not happen on ALL requests
• URL is truncated at 255 characters when this happens
• When this error happens, the user-agent is not recorded in the backtrace

Here's what I do NOT know:

• What types of browsers does this error occur on? Perhaps some mobile browser...

What's the best way to root cause this problem?

Answer 1

The best way to solve the Root Cause is to not make it a GET but a POST Request.

There is AFAIK no set limits on the length of a QueryString, so the real limit is all over the place. I know that 4000 is a limit on some web servers (can't remember if it was IIS or Apache and if it could be changed), but it is very possible that some browsers have much smaller limits. The fact that you don't get a user-agent could emphasize that it's a mobile browser, crawler or other application rather than a real browser.

POST requests are a bit more complex to do, but they can carry much bigger "payloads" and can be configured on the server side.

Answer 2

I'm not sure why it might be happening, RFC 2068 states:

Servers should be cautious about depending on URI lengths above 255 bytes, because some older client or proxy implementations may not properly support these lengths.

It could be the server mishandling the long GET params, or it could be that older browsers (possibly IE6), are truncating the params before sending them in the hopes that it might avoid failed requests by the server.

However, there is no limits on POST request lengths in any browser or server (that I am aware of), so this is likely a guaranteed working solution.

Edit: This link states that certain browsers do impose limits on query string lengths, however they all seem to be fairly long. Perhaps mobile browsers limit the length to ~255 to conserve memory, as it's in a more limited quantity.