2 minute read

Don’t you just step on bugs?

Hello and welcome to a new segment on my life as a developer. Lately, I’ve been inspired by some blogs to start writing again. In my vain hopes of avoiding this effort to seem like work, I’m going to work on being informal and informative to my future self on some interesting bugs I’ve encountered in the wild.

~ end preamble ~

Bug Hunt #1: Misleading CORS + Large File Size

file size too high meme
No seriously

My coworker reached out to me this past week about an odd error.

Background context on the application:

A user makes updates on a large json object with a csv upload for ease of use. This functionality was introduced recently and the new user story required that the changes introduced by the csv upload are back-propagated to relevant pointers within the large json object.

After making the changes in the UI, uploading a csv, and saving the object, the UI locks up. The QA claimed that the application timed out, the original DEV said it worked in the development environment.

it works on my machine, bruh
A surprisingly poor defense when issues arise in PROD

After successfully fighting through some other cruft to run the application locally, my coworker and I noticed that he was receiving a CORS error from Chrome when trying to recreate the issue. A bit of a red herring, we thought.

However, I asked my coworker to try the same scenario in DEV and he observed the same CORS error after about a 1-2 min delay (while the UI was locked up). Strange!

I double checked but we were fairly certain that our CORS permissions were set up correctly in Azure, and that all the relevant headers and methods were allowed.


This makes sense, but apparently because the file size was so large, we encountered a CORS issue. Most iis instances can only support up to ~28 MBs by default and we were trying to upload about ~150 MBs because of a bug introduced by the back propagation logic.

I found an enlightening comment on SO. In essence, the comment says that because the request is so large, the middleware does not actually have the size to append the CORS header (among others) and that’s why the CORS triggers.


Well there are two options:

  1. Increase the file size limit for the incoming request headers to the backend API

You can imagine what we did.

Until the next time, stay warm!