anvilresearch / connect

A modern authorization server built to authenticate your users and protect your APIs

Home Page: http://anvil.io

/signout endpoint unhandled exception

amokrushin opened this issue

Error: Can't set headers after they are sent.
...
at /srv/nodejs/oidc/node_modules/anvil-connect/oidc/signout.js:53:13
...

How to reproduce:
Send a signout request with a post redirect URI and a valid token.

connect/oidc/signout.js

Lines 53 to 67 in a21dd1f

            res.redirect(303, postLogoutUri)
            return
          }
          // Otherwise, fall through to default case below
        })
      }
      // Handle all the other cases - no postLogoutUri specified, or the client is
      // unknown, or the given postLogoutUri has not been registered previously.
      // Do not redirect, simply sign out
      authenticator.logout(req)
      res.set({
        'Cache-Control': 'no-store',
        'Pragma': 'no-cache'
      })
      res.sendStatus(204)

In that case both res.sendStatus(204) and res.redirect(303, postLogoutUri) will be called in the same request and will cause the error.

The test passed because there is a mistake:
62b538b
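
A minimal model of the double response described above, as an added example that is not part of the original issue or of Anvil Connect's code: `signoutBuggy` reproduces the shape of the excerpt, and `signoutFixed` is one possible restructuring (not necessarily what #352 does). The fake `res`, `lookupClient`, `flush`, the client record and its `post_logout_redirect_uris` field are assumptions made for the example, and the `authenticator.logout(req)` call is left out so that only response handling is modelled.

```javascript
// Constructed stand-ins; not Anvil Connect or Express code.
const pending = []                       // callbacks waiting on the fake client store
const flush = () => { while (pending.length) pending.shift()() }
const clients = { app1: { post_logout_redirect_uris: ['https://app.example/bye'] } }
const lookupClient = (id, cb) => pending.push(() => cb(null, clients[id]))

// Fake response: records what was sent and throws on a second response,
// as Express does once headers have gone out.
function makeRes () {
  const res = { sent: [], headersSent: false }
  const send = (what) => {
    if (res.headersSent) throw new Error("Can't set headers after they are sent.")
    res.headersSent = true
    res.sent.push(what)
  }
  res.set = () => res
  res.redirect = (status, uri) => send(`${status} ${uri}`)
  res.sendStatus = (status) => send(String(status))
  return res
}

// Shape of the bug: the default case runs right after the lookup is *started*.
function signoutBuggy (req, res) {
  const { clientId, postLogoutUri } = req
  if (postLogoutUri) {
    lookupClient(clientId, (err, client) => {
      if (!err && client && client.post_logout_redirect_uris.includes(postLogoutUri)) {
        res.redirect(303, postLogoutUri)   // second response -> throws
        return
      }
    })
  }
  res.set({ 'Cache-Control': 'no-store', 'Pragma': 'no-cache' })
  res.sendStatus(204)
}

// One way to fix it: every path ends in exactly one response.
function signoutFixed (req, res) {
  const { clientId, postLogoutUri } = req
  const plain = () => {
    res.set({ 'Cache-Control': 'no-store', 'Pragma': 'no-cache' })
    res.sendStatus(204)
  }
  if (!postLogoutUri) return plain()
  lookupClient(clientId, (err, client) => {
    const ok = !err && client && client.post_logout_redirect_uris.includes(postLogoutUri)
    return ok ? res.redirect(303, postLogoutUri) : plain()
  })
}
```

In the fixed shape an unregistered or unknown-client URI still ends in the plain 204, so the registration check on the redirect target is preserved.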

PR #352 fixes this issue!

Thanks @camfou! Just merged #352.

@amokrushin, please let me know if this solves your issue.

Sorry everyone for neglecting this repo recently. I've been a little distracted from working with the good people at CSAIL on OIDC for https://solid.mit.edu/

New packages in the works that should eventually find their way back into Anvil Connect :) Ping me on gitter if anyone wants a preview. We could use the extra eyes.