When making API calls to our auth server (Keycloak, served on Wildfly) from our Angular application there is a point where requests begin to fail, apparently due to too much data being present in the bearer token. I have isolated this to the point where adding a single letter to the user's name will cause the request to fail. Requests to our other servers with the same bearer token work as expected.
When the requests fail, the browser DevTools show them as failed with no additional information - simply a 'Failed to load response data' message and the application does not receive any data. This issue appears to be browser agnostic (have tried Chrome, Edge, and Firefox). When I copy one of these failed requests into postman, it succeeds and gets the expected JSON data.
I have thus far experimented pretty extensively with allowed header size on all of the servers and seen no change and am a bit at a loss for where else it would make sense to continue investigating. Does anyone have recommendations?
An example of one of the requests in question, copied as cURL (bash):
curl 'OMITTED/auth/realms/OMITTED/account' \
-H 'authority: OMITTED' \
-H 'pragma: no-cache' \
-H 'cache-control: no-cache' \
-H 'sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"' \
-H 'accept: application/json' \
-H 'authorization: bearer OMITTED' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/OMITTED (KHTML, like Gecko) Chrome/OMITTED Safari/OMITTED' \
-H 'origin: http://localhost:4200' \
-H 'sec-fetch-site: cross-site' \
-H 'sec-fetch-mode: cors' \
-H 'sec-fetch-dest: empty' \
-H 'referer: http://localhost:4200/' \
-H 'accept-language: en-US,en;q=0.9' \
--compressed
