From c7a15d4176aa6f625b6c25a9919c182d243e91fe Mon Sep 17 00:00:00 2001
From: Brian Telnes <btelnes@microsoft.com>
Date: Thu, 19 Apr 2018 15:18:51 +0000
Subject: [PATCH] Set limit_request_field_size to 0 within lms_gunicorn.py.j2
 template to allow headers larger than 8190 bytes

---
 playbooks/roles/edxapp/templates/lms_gunicorn.py.j2 | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/playbooks/roles/edxapp/templates/lms_gunicorn.py.j2 b/playbooks/roles/edxapp/templates/lms_gunicorn.py.j2
index ee23c82cfff..a09c2b177f9 100644
--- a/playbooks/roles/edxapp/templates/lms_gunicorn.py.j2
+++ b/playbooks/roles/edxapp/templates/lms_gunicorn.py.j2
@@ -10,6 +10,15 @@ timeout = 300
 bind = "{{ edxapp_lms_gunicorn_host }}:{{ edxapp_lms_gunicorn_port }}"
 pythonpath = "{{ edxapp_code_dir }}"
 
+"""
+Setting limit_request_field_size to 0 will allow unlimited
+header field sizes.  This necessary to fix a bug where the
+header size is greater than 8190, the hard limit for headers
+in Gunicorn versions less than 19.7.0.  This shouldn't pose a
+security risk since Nginx restricts the header size to 16K.
+"""
+limit_request_field_size = 0
+
 {% if EDXAPP_LMS_MAX_REQ -%}
 max_requests = {{ EDXAPP_LMS_MAX_REQ }}
 {% endif -%}