Extremely long Views AJAX query string triggers 403 in AWS

Created on 10 August 2023, over 1 year ago
Updated 16 October 2023, about 1 year ago

We are using the Media Library on our Drupal 10 site. The site is hosted on AWS and is subject to WAF rules for security. We just noticed that when using the Media Library modal to choose an image from the Media Library to attach to a piece of content, it uses AJAX for its searching and pagination. Locally this works fine, but we noticed on our dev/stg/prod sites we were getting a 403 when trying to click the pagination. Our devops team looked into it and said there is a WAF rule called "SizeRestrictions_QUERYSTRING" that limits the acceptable query string to 2,048 bytes, but I guess the Drupal Views AJAX query string is really long. Here is an example from my locally running site:

http://local.lndo.site/views/ajax?media_library_opener_id=media_library.opener.editor&media_library_allowed_types%5B0%5D=image&media_library_allowed_types%5Bvector_image%5D=vector_image&media_library_selected_type=image&media_library_remaining=1&media_library_opener_parameters%5Bfilter_format_id%5D=basic_html&hash=XEFOYs7A25C7VpXeyqYOWQXT4i5gSkcXE2fzDNUWfdY&_wrapper_format=drupal_modal&_wrapper_format=drupal_ajax&view_name=media_library&view_display_id=widget&view_args=image&view_path=%2Fmedia-library&view_base_path=admin%2Fcontent%2Fmedia-widget&view_dom_id=3a04e6e256ea2717615a8386f053944a632dd5b70343415b479c9a74b2ea6ba7&pager_element=0&media_library_opener_id=media_library.opener.editor&media_library_allowed_types%5B0%5D=image&media_library_allowed_types%5Bvector_image%5D=vector_image&media_library_selected_type=image&media_library_remaining=1&media_library_opener_parameters%5Bfilter_format_id%5D=basic_html&hash=XEFOYs7A25C7VpXeyqYOWQXT4i5gSkcXE2fzDNUWfdY&_wrapper_format=drupal_modal&page=1&_drupal_ajax=1&ajax_page_state%5Btheme%5D=gin&ajax_page_state%5Btheme_token%5D=UfDi6WcY4jx6Gqc8PbEZSGtvceSl7RUg_XTD0p9OFSw&ajax_page_state%5Blibraries%5D=admin_toolbar%2Ftoolbar.tree%2Cadmin_toolbar%2Ftoolbar.tree.hoverintent%2Cadmin_toolbar_tools%2Ftoolbar.icon%2Casset_injector%2Fcss%2Fckeditor%2Casset_injector%2Fcss%2Fgin_toolbar%2Casset_injector%2Fcss%2Flocal_tasks%2Casset_injector%2Fcss%2Fmedia_library%2Casset_injector%2Fcss%2Fnode_edit%2Cbig_pipe%2Fbig_pipe%2Cckeditor5%2Finternal.drupal.ckeditor5.emphasis%2Cckeditor5%2Finternal.drupal.ckeditor5.htmlEngine%2Cckeditor5%2Finternal.drupal.ckeditor5.media%2Cckeditor5%2Finternal.drupal.ckeditor5.mediaAlign%2Cckeditor5_embedded_content%2Fembedded_content%2Cclaro%2Fglobal-styling%2Cclaro%2Fnode-form%2Ccolorbox%2Fexample3%2Ccolorbox_inline%2Fcolorbox_inline%2Ccommerce%2Ftoolbar%2Ccore%2Fckeditor5.alignment%2Ccore%2Fckeditor5.autoformat%2Ccore%2Fckeditor5.basic%2Ccore%2Fckeditor5.blockquote%2Ccore%2Fckeditor5.essentials%2Ccore%2Fckeditor5.horizontalLine%2Ccore%2Fckeditor5.htmlSupport%2Ccore%2Fckeditor5.link%2Ccore%2Fckeditor5.list%2Ccore%2Fckeditor5.pasteFromOffice%2Ccore%2Fckeditor5.removeFormat%2Ccore%2Fckeditor5.sourceEditing%2Ccore%2Fckeditor5.specialCharacters%2Ccore%2Fckeditor5.style%2Ccore%2Fckeditor5.table%2Ccore%2Fdrupal.active-link%2Ccore%2Fdrupal.autocomplete%2Ccore%2Fdrupal.collapse%2Ccore%2Fdrupal.dialog.ajax%2Ccore%2Fdrupal.dropbutton%2Ccore%2Fdrupal.entity-form%2Ccore%2Fdrupal.form%2Ccore%2Fdrupal.states%2Ccore%2Fdrupal.tableresponsive%2Ccore%2Finternal.jquery.form%2Ccore%2Fnormalize%2Cdevel%2Fdevel-toolbar%2Ceditor_advanced_link%2Fckeditor5%2Cextlink%2Fdrupal.extlink%2Cfield_group%2Fcore%2Cfield_group%2Felement.horizontal_tabs%2Cfield_group%2Fformatter.tabs%2Cfile%2Fdrupal.file%2Cfilter%2Fdrupal.filter%2Cgin%2Fedit_form%2Cgin%2Fgin%2Cgin%2Fgin_accent%2Cgin%2Fgin_base%2Cgin%2Fgin_description_toggle%2Cgin%2Fgin_horizontal_toolbar%2Cgin%2Fgin_init%2Cgin%2Fsidebar%2Cgin%2Fsticky%2Cimce%2Fdrupal.imce.ckeditor5%2Clinkit%2Fckeditor5%2Cmedia_library%2Fui%2Cmenu_ui%2Fdrupal.menu_ui%2Cnode%2Fdrupal.node%2Cnode%2Fform%2Cparagraphs%2Fdrupal.paragraphs.widget%2Cpath%2Fdrupal.path%2Cpathauto%2Fwidget%2Cshortcut%2Fdrupal.shortcut%2Csvg_image_field%2Fmedia_library%2Csystem%2Fadmin%2Csystem%2Fbase%2Ctext%2Fdrupal.text%2Ctoken%2Ftoken%2Ctoolbar%2Ftoolbar%2Ctoolbar%2Ftoolbar.escapeAdmin%2Ctour%2Ftour%2Cuser%2Fdrupal.user.icons%2Cuswds_ckeditor_integration%2Fuswds_overrides%2Cuswds_ckeditor_integration%2Fuswds_table_content_items%2Cviews%2Fviews.ajax%2Cviews%2Fviews.module

Is this normal? Is that just the normal Views AJAX query string that Drupal uses or is there maybe something else going on on our site making that URL much longer than necessary?

💬 Support request
Status

Closed: duplicate

Version

10.1

Component
Ajax 

Last updated about 22 hours ago

Created by

🇺🇸United States socalerich

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024