Incompatible with IntegerNet_SansecWatch

[norgeindian]

We were just facing a strange issue.
We switched from manually including a CSP whitelist to the module IntegerNet_SansecWatch, which dynamically updates the headers based on the given settings in the Sansec panel.
It seems, that both modules are not compatible.
At least, we got the error: Unable to set the CSP header. The header size of 8211 bytes exceeds the maximum size of 8190 bytes.
We had the exact same CSP whitelist included before in a module, and there it worked.

[norgeindian]

Debugged that further, and it seems, that it was only a caching issue.
At least it seems to work as expected, when I debug it locally.

[norgeindian]

No, sorry, have to open it again :-)
Was not able to reproduce the issue locally, but on our testing system it can directly be reproduced.
As soon as I activate in Sansec too many policies, so that the header is too big, and update the policies, apache directly gives up.
The question now is, on which side would we need to trigger something to fix it.
IntegerNet_SansecWatch flushes or invalidates the FPC.
I tried both, but that does not fix it.
Does anyone have an idea, what I could try to fix this issue?

[lsiebels]

Hi @norgeindian, thanks for reporting the problem.

It seems to me that the problem is related to the issue #5. Please try to lower the threshold as described in the issue.