Nexus gives a HTTP400 if a HTTP-Header variable is too big

We faced an issue with version OSS 3.42.0-01 where when a specific header becomes too big, we are getting an HTTP400, and the site stops.

The Header is part of our authentication process via the oauth2-proxy, which gets the Identity Provider Security Groups back and then tries to deliver those to Nexus. So, when we disable the groups, NEXUS is stable.

This is a workaround, but you should check why it can’t handle huge Headers and give responses with HTTP400.

If you’re using a reverse proxy configure it to strip the authentication header.