Codex Remote Control Setup Not Working? Check Localhost Cookies
If Codex remote control setup is not working and the local callback fails with HTTP ERROR 431, the problem may not be Codex, OAuth, Chrome, or your callback handler.
It may be old cookies from unrelated local apps.
http://localhost:1455/auth/callback?code=REDACTED&state=REDACTED
Instead of completing the flow, Chrome shows something like:
HTTP ERROR 431
That error means the request headers are too large. In local dev, the oversized header is often Cookie.
The root cause
Cookies are scoped by host/domain, not by port. Cookies set on bare localhost can be sent to all of these:
localhost:3000
localhost:5173
localhost:1455
Those are different ports, but the same host.
So an app on localhost:3000, another app on localhost:5173, and a Codex callback on localhost:1455 can accidentally share the same cookie jar. Enough auth/session/analytics cookies pile up, the callback request gets too large, and setup fails with 431.
The same pattern can happen on bare 127.0.0.1.
How to check
Don't paste full callback URLs, Cookie headers, auth tokens, or browser storage dumps into chat tools or tickets. You only need names, hosts, and approximate sizes.
- Open the failed callback in Chrome.
- Open DevTools -> Network.
- Click the failed callback request.
- Look for a huge
Cookierequest header. - Open DevTools -> Application -> Cookies.
- Check
http://localhostandhttp://127.0.0.1.
Immediate fix
Clear stale cookies for the bloated local host, then retry Codex remote control setup.
In Chrome, go to DevTools -> Application -> Cookies, select http://localhost, and delete old cookies you do not need. Repeat for http://127.0.0.1 if you use it.
Prevention pattern
Use project-specific local hosts instead of bare localhost:
http://app-a.localhost:3000
http://app-b.localhost:5173
http://oauth-test.localhost:1455
Cookies from app-a.localhost will not be sent to app-b.localhost. If your tooling does not resolve those names automatically, add host entries:
127.0.0.1 app-a.localhost
127.0.0.1 app-b.localhost
127.0.0.1 oauth-test.localhost
Then configure each app's allowed callback URLs, CORS origins, auth redirect URLs, and cookie settings to use its project-specific host.
Checklist
- [ ] If Codex remote control setup fails with HTTP 431, inspect localhost cookies before changing OAuth code.
- [ ] Use a project-specific host such as `app-a.localhost`, not bare `localhost`.
- [ ] Keep each app's OAuth redirect URLs on that same project-specific host.
- [ ] Avoid sharing `127.0.0.1` across unrelated browser apps.
- [ ] Never paste full `Cookie` headers, auth callback URLs, or token-like values into logs or support threads.
The practical rule: ports separate servers, not cookies.