
Conversation

ParamConstructor (Contributor)

By default the Express body-parse payload limit is set to '100kb' (https://expressjs.com/en/resources/middleware/body-parser.html). This limit will cause the issue (PayloadTooLargeError) noted in (#11284) if your Enterprise has a large amount of data in the SSO/SAML payload body envelope.

This PR seeks to solve this issue in a configurable manner. The default is set to the current value of '100kb', but if you choose to, you can now use the auth_payload_body_size setting to increase the payload size to your required need for your Enterprise.

Proposed changes

  • Add configurable 'auth_payload_body_size' setting for the APP.
  • Solves (PayloadTooLargeError) for Enterprises with payloads that exceed the '100kb' default limit.

Related issues

Checklist

  • I consider the submitted work as finished
  • I tested the code for its functionality
  • I wrote test cases for the relevant use cases (coverage and e2e)
  • I added/updated the relevant documentation (either on github or on notion)
  • Where necessary I refactored code to improve the overall quality

Further comments

None


codecov bot commented Sep 3, 2025

Codecov Report

❌ Patch coverage is 50.00000% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 65.28%. Comparing base (1dde6fd) to head (df11b15).
⚠️ Report is 16 commits behind head on master.

Files with missing lines                                 Patch %   Lines
...-platform/opencti-graphql/src/http/httpPlatform.js    0.00%     3 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master   #12248      +/-   ##
==========================================
+ Coverage   65.25%   65.28%   +0.02%     
==========================================
  Files         741      741              
  Lines       73530    73534       +4     
  Branches     8118     8119       +1     
==========================================
+ Hits        47981    48003      +22     
+ Misses      25549    25531      -18     


@marieflorescontact marieflorescontact added the community use to identify PR from community label Sep 11, 2025
// -- Passport callback
const urlencodedParser = bodyParser.urlencoded({ extended: true });
// -- Default limit is '100kb' based on https://expressjs.com/en/resources/middleware/body-parser.html
const urlencodedParser = bodyParser.urlencoded({ extended: true, limit: AUTH_PAYLOAD_BODY_SIZE });
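Review bot: on the new `urlencodedParser` line, `limit: AUTH_PAYLOAD_BODY_SIZE` is applied to the Passport callback parser, i.e. to a request that arrives before authentication has completed, so the configured value directly sets how much request body an unauthenticated client can make the server buffer; the documentation for `auth_payload_body_size` should say so and advise sizing it to the Enterprise's actual SAML envelope rather than a generous blanket value. Two smaller points on the same line: the comment above it still names the '100kb' default, which goes stale if `AUTH_PAYLOAD_BODY_SIZE` ends up with no default of its own (better to say the limit falls back to body-parser's default when the setting is absent), and nothing here rejects a malformed size string, so validating the configured value at startup would avoid deploying with a limit other than the intended one.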
Contributor

Could you change it to not set the limit parameter if no auth_payload_body_size is configured? By not setting a default value for AUTH_PAYLOAD_BODY_SIZE, and checking if AUTH_PAYLOAD_BODY_SIZE is defined here before setting the limit parameter.
This way, even if the default limit is changed on the side of express, the default value of '100kb' won't have to be updated on our side since the library will handle the default value.
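Added illustration, not OpenCTI's code, covering the PR description above and the review request just made: the size-string format body-parser accepts for `limit` (a subset of the `bytes` package syntax), parser options that only carry `limit` when `auth_payload_body_size` is configured so body-parser's own default applies otherwise, and the 413 PayloadTooLargeError outcome for a body over the limit. The helper names and the shape of the `config` object are assumptions.

```javascript
// Hypothetical helpers (not from the OpenCTI code base) showing how a
// configurable body-parser limit for the Passport/SAML callback behaves.
const UNIT_BYTES = { b: 1, kb: 1024, mb: 1024 ** 2, gb: 1024 ** 3 };

// Parse '100kb' / '2mb' / 4096 into a byte count. Mirrors the `bytes` format
// body-parser accepts for `limit`; anything else is rejected explicitly.
function parseSizeLimit(value) {
  if (typeof value === 'number') return value;
  const m = /^(\d+(?:\.\d+)?)\s*(b|kb|mb|gb)?$/i.exec(String(value).trim());
  if (!m) throw new TypeError(`invalid size limit: ${value}`);
  return Math.floor(parseFloat(m[1]) * UNIT_BYTES[(m[2] || 'b').toLowerCase()]);
}

// Build the options for bodyParser.urlencoded(): `limit` is only set when the
// deployment configured auth_payload_body_size, so body-parser's own default
// ('100kb' today) applies when the setting is absent. A malformed value fails
// here, at startup, rather than at the first SSO login.
function buildUrlencodedOptions(config) {
  const options = { extended: true };
  const configured = config.auth_payload_body_size;
  if (configured !== undefined && configured !== null && configured !== '') {
    parseSizeLimit(configured); // fail fast on a value body-parser could not use
    options.limit = configured;
  }
  return options;
}

// Outcome for a request body of `bodyBytes` bytes against a parser with `limit`:
// over the limit, body-parser raises PayloadTooLargeError (HTTP 413,
// type 'entity.too.large'); the default limit is body-parser's '100kb'.
function checkPayloadSize(bodyBytes, limit = '100kb') {
  const max = parseSizeLimit(limit);
  if (bodyBytes > max) {
    return { ok: false, status: 413, type: 'entity.too.large', limit: max, length: bodyBytes };
  }
  return { ok: true, status: 200, limit: max, length: bodyBytes };
}

// Constructed scenario: a 160 KiB SAML response envelope, once with the
// default settings and once with auth_payload_body_size set to '512kb'.
const samlEnvelopeBytes = 160 * 1024;
const defaultOutcome = checkPayloadSize(samlEnvelopeBytes);             // 413
const tunedOutcome = checkPayloadSize(samlEnvelopeBytes, '512kb');      // ok
```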

@ParamConstructor (Contributor, Author)

@JeremyCloarec - Rebased to master and made requested changes.

@SouadHadjiat SouadHadjiat changed the title [backend] Set a configurable SSO/SAML payload body size to handle enterprises that have large envelopes of data [backend] Set a configurable SSO/SAML payload body size to handle enterprises that have large envelopes of data (#11284) Sep 12, 2025
@SamuelHassine SamuelHassine merged commit 083c21c into OpenCTI-Platform:master Sep 12, 2025
10 checks passed
@SamuelHassine SamuelHassine deleted the issue/11284 branch September 12, 2025 13:52