I have a node/express app that works great locally. I have uploaded it to Azure Web App and it works fine as long as I do not enable authentication. When I enable AAD auth, the app fails with STATUS 500.1011 "Bad Request". I have quite a few query parameters in the url. If I reduce the length of the parameters sufficiently the app load fine again. It seems there is some limit on the query/headers in Azure?
I have tried for several hours now to fix this, but I think I have to admit defeat. I thought maybe this would fix it, but it does not seems like it.
This is my current web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<webSocket enabled="true" />
<handlers>
<add name="iisnode" path="server.js" verb="*" modules="iisnode"/>
</handlers>
<rewrite>
<rules>
<rule name="NodeInspector" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^server.js\/debug[\/]?" />
</rule>
<rule name="DynamicContent">
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="True"/>
</conditions>
<action type="Rewrite" url="server.js"/>
</rule>
</rules>
</rewrite>
<security>
<requestFiltering>
<requestLimits maxQueryString="32768" maxUrl="65536"/>
</requestFiltering>
</security>
<httpErrors existingResponse="PassThrough" />
</system.webServer>
</configuration>
I think I found the problem. Node reduced max header size from 80kb to 8kb in November 2018.
There is lots of discussion about it here and here.
I tried increasing max-http-header-size, but could not get it to work on Azure. So my solution for now is to use an older version of node. Hoping there will be a solution posted in those discussions eventually.