Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
I'm getting a headers already sent warning when option "Use Header with: Cache-Control: no-cache" enabled. This shows up in the sessions in the database.
Warning: Cannot modify header information - headers already sent by (output started at /home/vagrant/docroot/vendor/symfony/http-foundation/Response.php:377) in Drupal\simplesamlphp_auth\Controller\SimplesamlphpAuthController->authenticate() (line 197 of modules/contrib/simplesamlphp_auth/src/Controller/SimplesamlphpAuthController.php).
Drupal\simplesamlphp_auth\Controller\SimplesamlphpAuthController->authenticate()
call_user_func_array(Array, Array) (Line: 123)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}() (Line: 582)
Drupal\Core\Render\Renderer->executeInRenderContext(Object, Object) (Line: 124)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->wrapControllerExecutionInRenderContext(Array, Array) (Line: 97)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}() (Line: 151)
Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object, 1) (Line: 68)
Symfony\Component\HttpKernel\HttpKernel->handle(Object, 1, 1) (Line: 57)
Drupal\Core\StackMiddleware\Session->handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\KernelPreHandle->handle(Object, 1, 1) (Line: 99)
Drupal\page_cache\StackMiddleware\PageCache->pass(Object, 1, 1) (Line: 78)
Drupal\page_cache\StackMiddleware\PageCache->handle(Object, 1, 1) (Line: 49)
Asm89\Stack\Cors->handle(Object, 1, 1) (Line: 50)
Drupal\ban\BanMiddleware->handle(Object, 1, 1) (Line: 84)
Drupal\shield\ShieldMiddleware->handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle(Object, 1, 1) (Line: 52)
Drupal\Core\StackMiddleware\NegotiationMiddleware->handle(Object, 1, 1) (Line: 23)
Stack\StackedHttpKernel->handle(Object, 1, 1) (Line: 693)
Drupal\Core\DrupalKernel->handle(Object) (Line: 19)
Proposed resolution
I think if we set the headers on the request rather than calling header directly it fixes it. I tested it out. I'm just not sure if it's setting it properly. I need to test more.
Remaining tasks
User interface changes
API changes
Data model changes
Comment | File | Size | Author |
---|---|---|---|
#11 | Review.PNG | 26.25 KB | SivaprasadC |
#9 | headers_already-sent-3052206-9.patch | 1.9 KB | bander2 |
|
Comments
Comment #2
oknateComment #3
BerdirThe header will need to be set on the response, not the request.
That said, instead of that, I would suggest to just rely on drupal's cache API instead and use \Drupal\Core\PageCache\ResponsePolicy\KillSwitch::trigger() and set #cache max-age 0.
That said, I was confused why this setting exists and why it is necessary. Why does the admin have to decide that? Either it is required or not?
Comment #4
sorina.hriban CreditAttribution: sorina.hriban commentedHello,
I have the same warning message and the option "Use Header with: Cache-Control: no-cache" is not enabled. What can I do in order to get rid of this message?
Comment #5
oknateRe #3, I don't know why the option exists. I only had it turned on because I wasn't sure if I should use it or not.
Comment #6
Elijah LynnWe are getting these in our logs without that setting enabled.
Comment #7
Elijah Lynn[duplicate]
Comment #8
Elijah LynnHere is the code from /docroot/modules/contrib/simplesamlphp_auth/src/Controller/SimplesamlphpAuthController.php:203-209, setrawcookie() is what does it. Still working on another bug so not sure I'll get to this but figured I'd leave this here.
Comment #9
bander2 CreditAttribution: bander2 as a volunteer commentedFirst pass at a patch.
Comment #10
agileadamThe patch in #9 doesn't seem to correct the issue on my site.
Comment #11
SivaprasadC CreditAttribution: SivaprasadC as a volunteer and at Tech Mahindra for Drupal India Association commentedHi @bander2, Thanks for the patch. Patch applied successfully. PFA.
It is working for my site. Thank you again. You saved my day.
Comment #12
elgandoz CreditAttribution: elgandoz as a volunteer commentedPatch applies succesfully but it doesn't sort the issue in my case.
Comment #13
mxr576My patch in a different issue thread possibly also fixes this, please give it a try. https://www.drupal.org/project/simplesamlphp_auth/issues/3127628#comment...
If it does not solve it, please share your feedback here instead of in the other issue thread.
Comment #14
slpearceI am getting something similar as well, but in different line numbers than reported in #1. FYI, my use case does not have "Use Header with: Cache-Control: no-cache" enabled, but it does have "Automatically enable SAML authentication for existing users upon successful login" enabled.
Patch in #9 does seem to fix the problem for me, and is probably good form (also tested patch in #13 but it did nothing to resolve this). But what is prematurely sending headers in the first place?
On my setup, it appears to be lines 182-185 of /src/Controller/SimplesamlphpAuthController.php ($this->logger->debug method):
Removing that fixes the issue on my end, even w/o the patch in #9.
If it helps, here is a shortened stack trace from my use case (which was only thrown on first login for a user with a local, preexisting account):