Extension API calls are failing with "Request Header Or Cookie Too Large" error

Extension API calls via proxy are failing.
The extension API “https://installation-ext.extensions.swadeshz0.de/application/api/v1/validate/pan” is working fine.
The API that we call from storefront “https://swadeshlife.swadeshz0.de/ext/installation_ext/validate/pan” is failing for some users. Clearing cookies does not help.

sample curl:

curl --location 'https://swadeshlife.swadeshz0.de/ext/installation_ext/validate/pan' \
--header 'authority: swadeshlife.swadeshz0.de' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-US,en;q=0.9' \
--header 'content-type: application/json' \
--header 'cookie: f.session=s%3AREhsGuiGsI1xe3BgBmRZtIpIAQWA9qdV.OPYtXPGIPALp20kd68RApQmQKB%2F719dncojrbl1pAIo;' \
--header 'origin: https://swadeshlife.swadeshz0.de' \
--header 'sec-ch-ua: "Not A(Brand";v="99", "Google Chrome";v="121", "Chromium";v="121"' \
--header 'sec-ch-ua-mobile: ?1' \
--header 'sec-ch-ua-platform: "Android"' \
--header 'sec-fetch-dest: empty' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-site: same-origin' \
--header 'user-agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Mobile Safari/537.36' \
--data '{"name":"RELIANCE INDUSTRIES LIMITED","pan_no":"AAACR5055K"}'

Hello @Shardul_Rajiv

After checking, I noticed that the cookie being used is incorrect. Upon verifying with the correct f.session , the API is now producing the expected output. I’m sharing the cURL command after correcting the f.session for your reference.

curl --location 'https://swadeshlife.swadeshz0.de/ext/installation_ext/validate/pan' \
--header 'authority: swadeshlife.swadeshz0.de' \
--header 'accept: application/json, text/plain, */*' \
--header 'accept-language: en-US,en;q=0.9' \
--header 'content-type: application/json' \
--header 'cookie: f.session=s%3AfFsHRs07CYIJgu0KEp7vfYcZBc91F1Wj.RcDqdjq9ilMFGnca5P7EPsROJLUDG%2BYu1sJX2nXo2jI' \
--header 'origin: https://swadeshlife.swadeshz0.de' \
--header 'sec-ch-ua: "Not A(Brand";v="99", "Google Chrome";v="121", "Chromium";v="121"' \
--header 'sec-ch-ua-mobile: ?1' \
--header 'sec-ch-ua-platform: "Android"' \
--header 'sec-fetch-dest: empty' \
--header 'sec-fetch-mode: cors' \
--header 'sec-fetch-site: same-origin' \
--header 'user-agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Mobile Safari/537.36' \
--data '{"name":"RELIANCE INDUSTRIES LIMITED","pan_no":"AAACR5055K"}'

Output:

{
    "error": true,
    "code": "ISE-102",
    "message": "Un-Authorized user"
}

Hello @afrozshaikh ,
Thanks for the reply. When we call extension proxy API from storefront, the cookie is picked up on its own. We are not changing the cookie.
Can you please mention what is wrong with the cookie? The cookie is what we get after user is logging in on the storefront.

Hello @Shardul_Rajiv

The cookie string shared by you contains proper session identifiers/tokens, However, I feel there is one extra semicolon ( ; ) which is being added, could you please check on it?

hi @afrozshaikh ,
The (:wink: semicolon is a separator here. I have tried removing the ; it still does not work for some users.