POST requests with large bodies fail on subrequest to /_jwks_uri

[alanwilkie-finocomp]

When a POST request with a large body is sent to an endpoint that has client_max_body_size set appropriately at the "location" level, the request returns 500. Normally, a request that fails the client_max_body_size check returns a 413 error, so the 500 error implies that a check is failing after the initial request. The nginx log shows messages like: 2024/08/22 02:18:47 [error] 6252#6252: *704866 client intended to send too large body: 1143545 bytes, client: 192.168.46.29, server: devcluster.finocomp.local, request: "POST /upload HTTP/1.1", subrequest: "/_jwks_uri", host: "devcluster.finocomp.local", referrer: "http://devcluster.finocomp.local/upload"

The mention of subrequest: "/_jwks_uri" led me to look at its configuration in openid_connect.server_conf. My suspicion is that the body size is being checked before the subrequest is performed, even though proxy_method GET and proxy_set_header Content-Length "" are being applied.

I modified the configuration to add a client_max_body_size directive:

    location = /_jwks_uri {
        internal;
        client_max_body_size 0;
        # ... etc ...

Large file uploads now work as expected.

I think it should be safe to disable the client_max_body_size check here because the subrequest is proxied as a GET regardless of the original request type and should never have a body.