The cap is too low for some uses, and it's unclear if it's worth
keeping.
Closes #1473.
Closes #1025.
else:
raise TypeError("Unsupported header value %r" % value)
# If \n is allowed into the header, it is possible to inject
- # additional headers or split the request. Also cap length to
- # prevent obviously erroneous values.
- if (len(value) > 4000 or
- RequestHandler._INVALID_HEADER_CHAR_RE.search(value)):
+ # additional headers or split the request.
+ if RequestHandler._INVALID_HEADER_CHAR_RE.search(value):
raise ValueError("Unsafe header value %r", value)
return value
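Review bot: The `raise ValueError("Unsafe header value %r", value)` line left as context under the new check passes `value` as a second exception argument instead of formatting it, unlike the `TypeError` earlier in the hunk, so the message renders as a tuple; `raise ValueError("Unsafe header value %r" % value)` would be consistent. With the 4000-character cap removed, `_INVALID_HEADER_CHAR_RE` is the only guard left on this path, and its definition is outside the hunk, so it is worth confirming that it rejects both CR and LF. A test that a long value without control characters is accepted, while one containing `\r` or `\n` still raises, would pin that down. The rejected value is echoed into the exception and is now unbounded in length, so truncating it in the message may be worth considering. The enclosing function starts outside the hunk.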