Extremely long Views AJAX query string triggers 403 in AWS

Created on 10 August 2023, 11 months ago
Updated 16 October 2023, 8 months ago

We are using the Media Library on our Drupal 10 site. The site is hosted on AWS and is subject to WAF rules for security. We just noticed that when using the Media Library modal to choose an image from the Media Library to attach to a piece of content, it uses AJAX for its searching and pagination. Locally this works fine, but we noticed on our dev/stg/prod sites we were getting a 403 when trying to click the pagination. Our devops team looked into it and said there is a WAF rule called "SizeRestrictions_QUERYSTRING" that limits the acceptable query string to 2,048 bytes, but I guess the Drupal Views AJAX query string is really long. Here is an example from my locally running site:

http://local.lndo.site/views/ajax?media_library_opener_id=media_library.opener.editor&media_library_allowed_types%5B0%5D=image&media_library_allowed_types%5Bvector_image%5D=vector_image&media_library_selected_type=image&media_library_remaining=1&media_library_opener_parameters%5Bfilter_format_id%5D=basic_html&hash=XEFOYs7A25C7VpXeyqYOWQXT4i5gSkcXE2fzDNUWfdY&_wrapper_format=drupal_modal&_wrapper_format=drupal_ajax&view_name=media_library&view_display_id=widget&view_args=image&view_path=%2Fmedia-library&view_base_path=admin%2Fcontent%2Fmedia-widget&view_dom_id=3a04e6e256ea2717615a8386f053944a632dd5b70343415b479c9a74b2ea6ba7&pager_element=0&media_library_opener_id=media_library.opener.editor&media_library_allowed_types%5B0%5D=image&media_library_allowed_types%5Bvector_image%5D=vector_image&media_library_selected_type=image&media_library_remaining=1&media_library_opener_parameters%5Bfilter_format_id%5D=basic_html&hash=XEFOYs7A25C7VpXeyqYOWQXT4i5gSkcXE2fzDNUWfdY&_wrapper_format=drupal_modal&page=1&_drupal_ajax=1&ajax_page_state%5Btheme%5D=gin&ajax_page_state%5Btheme_token%5D=UfDi6WcY4jx6Gqc8PbEZSGtvceSl7RUg_XTD0p9OFSw&ajax_page_state%5Blibraries%5D=admin_toolbar%2Ftoolbar.tree%2Cadmin_toolbar%2Ftoolbar.tree.hoverintent%2Cadmin_toolbar_tools%2Ftoolbar.icon%2Casset_injector%2Fcss%2Fckeditor%2Casset_injector%2Fcss%2Fgin_toolbar%2Casset_injector%2Fcss%2Flocal_tasks%2Casset_injector%2Fcss%2Fmedia_library%2Casset_injector%2Fcss%2Fnode_edit%2Cbig_pipe%2Fbig_pipe%2Cckeditor5%2Finternal.drupal.ckeditor5.emphasis%2Cckeditor5%2Finternal.drupal.ckeditor5.htmlEngine%2Cckeditor5%2Finternal.drupal.ckeditor5.media%2Cckeditor5%2Finternal.drupal.ckeditor5.mediaAlign%2Cckeditor5_embedded_content%2Fembedded_content%2Cclaro%2Fglobal-styling%2Cclaro%2Fnode-form%2Ccolorbox%2Fexample3%2Ccolorbox_inline%2Fcolorbox_inline%2Ccommerce%2Ftoolbar%2Ccore%2Fckeditor5.alignment%2Ccore%2Fckeditor5.autoformat%2Ccore%2Fckeditor5.basic%2Ccore%2Fckeditor5.blockquote%2Ccore%2Fckeditor5.essentials%2Ccore%2Fckeditor5.horizontalLine%2Ccore%2Fckeditor5.htmlSupport%2Ccore%2Fckeditor5.link%2Ccore%2Fckeditor5.list%2Ccore%2Fckeditor5.pasteFromOffice%2Ccore%2Fckeditor5.removeFormat%2Ccore%2Fckeditor5.sourceEditing%2Ccore%2Fckeditor5.specialCharacters%2Ccore%2Fckeditor5.style%2Ccore%2Fckeditor5.table%2Ccore%2Fdrupal.active-link%2Ccore%2Fdrupal.autocomplete%2Ccore%2Fdrupal.collapse%2Ccore%2Fdrupal.dialog.ajax%2Ccore%2Fdrupal.dropbutton%2Ccore%2Fdrupal.entity-form%2Ccore%2Fdrupal.form%2Ccore%2Fdrupal.states%2Ccore%2Fdrupal.tableresponsive%2Ccore%2Finternal.jquery.form%2Ccore%2Fnormalize%2Cdevel%2Fdevel-toolbar%2Ceditor_advanced_link%2Fckeditor5%2Cextlink%2Fdrupal.extlink%2Cfield_group%2Fcore%2Cfield_group%2Felement.horizontal_tabs%2Cfield_group%2Fformatter.tabs%2Cfile%2Fdrupal.file%2Cfilter%2Fdrupal.filter%2Cgin%2Fedit_form%2Cgin%2Fgin%2Cgin%2Fgin_accent%2Cgin%2Fgin_base%2Cgin%2Fgin_description_toggle%2Cgin%2Fgin_horizontal_toolbar%2Cgin%2Fgin_init%2Cgin%2Fsidebar%2Cgin%2Fsticky%2Cimce%2Fdrupal.imce.ckeditor5%2Clinkit%2Fckeditor5%2Cmedia_library%2Fui%2Cmenu_ui%2Fdrupal.menu_ui%2Cnode%2Fdrupal.node%2Cnode%2Fform%2Cparagraphs%2Fdrupal.paragraphs.widget%2Cpath%2Fdrupal.path%2Cpathauto%2Fwidget%2Cshortcut%2Fdrupal.shortcut%2Csvg_image_field%2Fmedia_library%2Csystem%2Fadmin%2Csystem%2Fbase%2Ctext%2Fdrupal.text%2Ctoken%2Ftoken%2Ctoolbar%2Ftoolbar%2Ctoolbar%2Ftoolbar.escapeAdmin%2Ctour%2Ftour%2Cuser%2Fdrupal.user.icons%2Cuswds_ckeditor_integration%2Fuswds_overrides%2Cuswds_ckeditor_integration%2Fuswds_table_content_items%2Cviews%2Fviews.ajax%2Cviews%2Fviews.module

Is this normal? Is that just the normal Views AJAX query string that Drupal uses or is there maybe something else going on on our site making that URL much longer than necessary?

💬 Support request
Status: Closed: duplicate
Version: 10.1
Component: Ajax
Last updated about 6 hours ago

Created by: 🇺🇸 United States SoCalErich
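
An added example, not part of the original post and not Drupal's or AWS's code: one way to check a captured Views AJAX URL against the 2,048-byte limit quoted above, and to see which parameters account for the bytes and which key=value pairs are sent more than once. The sample URL is constructed (modelled on the one in the post, with placeholder library names), and the script assumes the WAF measures the raw, percent-encoded query string.

```python
from collections import defaultdict
from urllib.parse import unquote, urlsplit

WAF_QUERY_LIMIT = 2048  # bytes; the limit quoted in the post


def analyze_query(url, limit=WAF_QUERY_LIMIT):
    """Measure the raw query string and attribute its bytes to parameters."""
    raw = urlsplit(url).query
    sizes = defaultdict(int)
    seen, duplicates, duplicate_bytes = set(), [], 0
    for pair in raw.split("&"):
        if not pair:
            continue
        key = unquote(pair.split("=", 1)[0])
        cost = len(pair.encode("utf-8")) + 1  # +1 for the "&" separator
        sizes[key] += cost
        if pair in seen:  # identical key=value already sent once
            duplicates.append(key)
            duplicate_bytes += cost
        seen.add(pair)
    total = len(raw.encode("utf-8"))
    return {
        "total_bytes": total,
        "over_limit": total > limit,
        "by_param": sorted(sizes.items(), key=lambda kv: kv[1], reverse=True),
        "duplicates": duplicates,
        "duplicate_bytes": duplicate_bytes,
    }


# Constructed sample modelled on the URL in the post: the modal parameters
# appear twice and ajax_page_state[libraries] carries a long library list.
MODAL = "media_library_opener_id=media_library.opener.editor&_wrapper_format=drupal_modal"
LIBS = "%2C".join(f"core%2Fckeditor5.lib{i}" for i in range(120))  # placeholder names
SAMPLE_URL = (
    "https://example.test/views/ajax?" + MODAL
    + "&view_name=media_library&view_display_id=widget&" + MODAL
    + "&page=1&_drupal_ajax=1&ajax_page_state%5Blibraries%5D=" + LIBS
)

if __name__ == "__main__":
    report = analyze_query(SAMPLE_URL)
    print(f"query string: {report['total_bytes']} bytes, over limit: {report['over_limit']}")
    print(f"bytes spent on repeated pairs: {report['duplicate_bytes']} {report['duplicates']}")
    for name, cost in report["by_param"][:5]:
        print(f"{cost:6d}  {name}")
```

Running it against a URL copied from the browser's network tab shows whether the library list alone exceeds the limit or whether the repeated modal parameters push the request over it.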
