OS info
- Operating System : Mac OSX 17.7.0
- Wappler Version : 3.9.2
Problem description
Nodejs server crash (ERR_HTTP_HEADERS_SENT) on auth setCookie line in provider.js
Steps to reproduce
- Create a nodejs webapp.
- Add a couple of pages protected with an API with a Security Restrict step and a login flow
- Publish to a remote server (happens in Heroku and DigitalOcean at least)
- Go to the site on an iPhone or iPad (Chrome or safari) and login to the site (everything works fine so far)
- If you close the app (Chrome or safari) by doble tapping and swiping up, and then reopen the browser app, the wappler created page loads and crashes the nodejs server. I had a hard time reproducing the error but I finally did. It crashes every time.
I know that on a remote server you shouldn’t enable debugging, but node crashes either way. This is the log output:
o-1 | 2021-03-29 16:46:13 2021-03-29T22:46:13.464Z server-connect:app Executing action step identify
do-1 | 2021-03-29 16:46:13 2021-03-29T22:46:13.464Z server-connect:app options: { provider: ‘site_security’ }
do-1 | 2021-03-29 16:46:13 2021-03-29T22:46:13.512Z server-connect:auth Login with cookie: { username: 'xxx, password: ‘xxx’ }
do-1 | 2021-03-29 16:46:13 2021-03-29T22:46:13.512Z server-connect:app Executing action step restrict
do-1 | 2021-03-29 16:46:13 2021-03-29T22:46:13.512Z server-connect:app options: { provider: ‘site_security’, permissions: }
do-1 | 2021-03-29 16:46:13 2021-03-29T22:46:13.543Z server-connect:auth setCookie xxx xxx xxx (redacted for privacy)
do-1 | 2021-03-29 16:46:13 Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client
do-1 | 2021-03-29 16:46:13 at new NodeError (node:internal/errors:329:5)
do-1 | 2021-03-29 16:46:13 at ServerResponse.setHeader (node:_http_outgoing:573:11)
do-1 | 2021-03-29 16:46:13 at ServerResponse.header (/workspace/node_modules/express/lib/response.js:771:10)
do-1 | 2021-03-29 16:46:13 at ServerResponse.append (/workspace/node_modules/express/lib/response.js:732:15)
do-1 | 2021-03-29 16:46:13 at ServerResponse.res.cookie (/workspace/node_modules/express/lib/response.js:857:8)
do-1 | 2021-03-29 16:46:13 at App.setCookie (/workspace/lib/core/app.js:104:18)
do-1 | 2021-03-29 16:46:13 at DatabaseProvider.login (/workspace/lib/auth/provider.js:58:30)
do-1 | 2021-03-29 16:46:13 at runMicrotasks ()
do-1 | 2021-03-29 16:46:13 at processTicksAndRejections (node:internal/process/task_queues:94:5) {
do-1 | 2021-03-29 16:46:13 code: ‘ERR_HTTP_HEADERS_SENT’
do-1 | 2021-03-29 16:46:13 }
I managed to prevent the server from crashing by commenting this line in provider.js (line 57):
this.app.setCookie(this.name + ‘.auth’, this.encrypt({ username, password }), this.cookieOpts); but by doing that, the “site_security.auth” cookie never gets created.
So, I took line 57 and putted it inside a try/catch to prevent the server from crashing. Desktop sessions keep working normally; now when replaying the steps to trigger the bug, the server doesn’t crash, but the session becomes buggy… protected pages load properly but server component calls don’t respond.
I know this report is not as detailed as it could be, but I’m close to a deadline so I didi it as complete as possible… I hope you’re able to reproduce it.
Best regards.