This is my attempt at serving a single-page-app from a protected route. This will work AFTER the user is logged in (resulting in GET /app/ 304 , but on initial login, and on refreshing the page with cookies cleared (CMD-SHIFT-R on a Mac in Chrome, for instance) you’ll get GET /app/ 500 4.563 ms - 1254 Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client.
Is there another way to serve static files on a protected route?
It’s not express.static… I get the same results with this, actually: router.get('/app/*', requiresAuth(), (req, res, next) => { if (req && req.oidc && req.oidc.isAuthenticated()) { res.sendFile(path.join(__dirname, '../app/index.html')); } else { res.redirect('/login'); } });
It seems that requiresAuth itself is triggering the error.
I have confirmed that res.sendFile in any route (protected or not) in the present of express-openid-connect will cause the ERR_HTTP_HEADERS_SENT error. Downloading the sample project from the documentation and attempting to add either a static middleware along with requiresAuth() or using res.sendFile in ANY route (with or without requiresAuth) will result in the error.
I lost two days to this. I have been spelunking into node_modules, running in debug mode, etc…
If you’re serving it locally, the hop from HTTP to HTTPS seems to be the cause of this error (the auth header is getting messed up somehow, though it appears to be in place…). Running it in an totally HTTPS environment, it works just fine. The documentation does have an off-hand remark about “you MIGHT run into errors if you’re working locally on an HTTP connection,” but that sounded so non-threatening that I didn’t even notice it.
I could have sworn that the issue had gone away when I deployed to my HTTPS server, but I’m seeing it in logs again. It looks like it has to do with the route being responded to by EJS as well as a route that I wrote, based on the error stack. Will try disabling EJS.
The error message “Can’t set headers after they are sent” commonly occurs in Node.js applications when attempting to modify response headers after the response has already been sent to the client. This error typically indicates a logic issue where multiple responses are being sent or headers are being set too late in the code execution. To resolve this error, ensure that response headers are set before sending the response and that only a single response is sent per request, avoiding any modifications to headers after the response has been sent.
If you’re using middleware in your application, particularly ones that modify the response headers, ensure that they are properly ordered. Middleware functions are executed in the order they are defined, so if a response is sent before a middleware function attempts to modify headers, the error can occur. Make sure the middleware that sets headers is placed before the middleware that sends the response. Also, When sending a response, ensure that you properly exit from the function or block of code. Use return statements or appropriate flow control mechanisms to prevent subsequent execution that may attempt to modify headers.
