Problem/Motivation

I'm getting a headers already sent warning when option "Use Header with: Cache-Control: no-cache" enabled. This shows up in the sessions in the database.

Warning: Cannot modify header information - headers already sent by (output started at /home/vagrant/docroot/vendor/symfony/http-foundation/Response.php:377) in Drupal\simplesamlphp_auth\Controller\SimplesamlphpAuthController->authenticate() (line 197 of modules/contrib/simplesamlphp_auth/src/Controller/SimplesamlphpAuthController.php).
Drupal\simplesamlphp_auth\Controller\SimplesamlphpAuthController->authenticate()
call_user_func_array(Array, Array) (Line: 123)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}() (Line: 582)
Drupal\Core\Render\Renderer->executeInRenderContext(Object, Object) (Line: 124)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->wrapControllerExecutionInRenderContext(Array, Array) (Line: 97)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}() (Line: 151)
Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object, 1) (Line: 68)
Symfony\Component\HttpKernel\HttpKernel->handle(Object, 1, 1) (Line: 57)
Drupal\Core\StackMiddleware\Session->handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\KernelPreHandle->handle(Object, 1, 1) (Line: 99)
Drupal\page_cache\StackMiddleware\PageCache->pass(Object, 1, 1) (Line: 78)
Drupal\page_cache\StackMiddleware\PageCache->handle(Object, 1, 1) (Line: 49)
Asm89\Stack\Cors->handle(Object, 1, 1) (Line: 50)
Drupal\ban\BanMiddleware->handle(Object, 1, 1) (Line: 84)
Drupal\shield\ShieldMiddleware->handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle(Object, 1, 1) (Line: 52)
Drupal\Core\StackMiddleware\NegotiationMiddleware->handle(Object, 1, 1) (Line: 23)
Stack\StackedHttpKernel->handle(Object, 1, 1) (Line: 693)
Drupal\Core\DrupalKernel->handle(Object) (Line: 19)

Proposed resolution

I think if we set the headers on the request rather than calling header directly it fixes it. I tested it out. I'm just not sure if it's setting it properly. I need to test more.

Remaining tasks

User interface changes

API changes

Data model changes

CommentFileSizeAuthor
#11 Review.PNG26.25 KBSivaprasadC
#9 headers_already-sent-3052206-9.patch1.9 KBbander2
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

oknate created an issue. See original summary.

oknate’s picture

oknate
Location Greater New York City Area
CreditAttribution: oknate as a volunteer and commented
Issue summary: View changes
Berdir’s picture

Berdir
Primary language German
Location Switzerland
CreditAttribution: Berdir at MD Systems GmbH commented

The header will need to be set on the response, not the request.

That said, instead of that, I would suggest to just rely on drupal's cache API instead and use \Drupal\Core\PageCache\ResponsePolicy\KillSwitch::trigger() and set #cache max-age 0.

That said, I was confused why this setting exists and why it is necessary. Why does the admin have to decide that? Either it is required or not?

sorina.hriban’s picture

sorina.hriban CreditAttribution: sorina.hriban commented

Hello,

I have the same warning message and the option "Use Header with: Cache-Control: no-cache" is not enabled. What can I do in order to get rid of this message?

oknate’s picture

oknate
Location Greater New York City Area
CreditAttribution: oknate as a volunteer and commented

Re #3, I don't know why the option exists. I only had it turned on because I wasn't sure if I should use it or not.

Elijah Lynn’s picture

Elijah Lynn
Location Portland, Oregon
CreditAttribution: Elijah Lynn at Agile Six Applications for Department of Veterans Affairs commented

We are getting these in our logs without that setting enabled.

Elijah Lynn’s picture

Elijah Lynn
Location Portland, Oregon
CreditAttribution: Elijah Lynn at Agile Six Applications for Department of Veterans Affairs commented

[duplicate]

Elijah Lynn’s picture

Elijah Lynn
Location Portland, Oregon
CreditAttribution: Elijah Lynn at Agile Six Applications for Department of Veterans Affairs commented

Here is the code from /docroot/modules/contrib/simplesamlphp_auth/src/Controller/SimplesamlphpAuthController.php:203-209, setrawcookie() is what does it. Still working on another bug so not sure I'll get to this but figured I'd leave this here.

  // Check to see if we've set a cookie. If there is one, give it priority.
    if ($request->cookies->has('simplesamlphp_auth_returnto')) {
      $redirect = $request->cookies->get('simplesamlphp_auth_returnto');

      // Unset the cookie.
      setrawcookie('simplesamlphp_auth_returnto', '');
    }
bander2’s picture

bander2 CreditAttribution: bander2 as a volunteer commented
Status: Active » Needs review
FileSize
headers_already-sent-3052206-9.patch1.9 KB

First pass at a patch.

agileadam’s picture

agileadam
Location Maine, USA
CreditAttribution: agileadam at iFactory commented

The patch in #9 doesn't seem to correct the issue on my site.

SivaprasadC’s picture

SivaprasadC CreditAttribution: SivaprasadC as a volunteer and at Tech Mahindra for Drupal India Association commented
FileSize
Review.PNG26.25 KB

Hi @bander2, Thanks for the patch. Patch applied successfully. PFA.

It is working for my site. Thank you again. You saved my day.

elgandoz’s picture

elgandoz CreditAttribution: elgandoz as a volunteer commented

Patch applies succesfully but it doesn't sort the issue in my case.

Warning: Cannot modify header information - headers already sent by (output started at /var/www/html/vendor/symfony/http-foundation/Response.php:1290) in Drupal\simplesamlphp_auth\Controller\SimplesamlphpAuthController->authenticate() (line 198 of modules/contrib/simplesamlphp_auth/src/Controller/SimplesamlphpAuthController.php).
Drupal\simplesamlphp_auth\Controller\SimplesamlphpAuthController->authenticate()
call_user_func_array(Array, Array) (Line: 123)
mxr576’s picture

mxr576
Primary language Hungarian
Location Hungary
CreditAttribution: mxr576 at Pronovix commented

My patch in a different issue thread possibly also fixes this, please give it a try. https://www.drupal.org/project/simplesamlphp_auth/issues/3127628#comment...

If it does not solve it, please share your feedback here instead of in the other issue thread.

slpearce’s picture

slpearce
she/her
CreditAttribution: slpearce commented

I am getting something similar as well, but in different line numbers than reported in #1. FYI, my use case does not have "Use Header with: Cache-Control: no-cache" enabled, but it does have "Automatically enable SAML authentication for existing users upon successful login" enabled.

Patch in #9 does seem to fix the problem for me, and is probably good form (also tested patch in #13 but it did nothing to resolve this). But what is prematurely sending headers in the first place?

On my setup, it appears to be lines 182-185 of /src/Controller/SimplesamlphpAuthController.php ($this->logger->debug method):

 if ($this->config->get('debug')) {
            $this->logger->debug('Trying to login SAML-authenticated user with authname %authname', [
              '%authname' => $authname,
            ]);

Removing that fixes the issue on my end, even w/o the patch in #9.

If it helps, here is a shortened stack trace from my use case (which was only thrown on first login for a user with a local, preexisting account):

Warning: Cannot modify header information - headers already sent by (output started at /path/to/drupal/vendor/symfony/http-foundation/Response.php:1290) in Drupal\simplesamlphp_auth\Controller\SimplesamlphpAuthController->authenticate() (line 208 of modules/contrib/simplesamlphp_auth/src/Controller/SimplesamlphpAuthController.php).
Drupal\simplesamlphp_auth\Controller\SimplesamlphpAuthController->authenticate()
call_user_func_array(Array, Array) (Line: 123)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}() (Line: 573)