From 4a77bfb7da028411232d438e739b304398db87f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabr=C3=ADcio=20Matt=C3=A9?= Date: Mon, 5 Feb 2018 11:48:58 -0200 Subject: [PATCH] Redirect: do not call next after res.end() Express applications may have final handlers (e.g. to serve 404 pages or log errors), calling `next` after `res.end` will cause these handlers to be triggered when they should not. If the application has a default page handler (common in SPAs with client-side routing) or 404 page, calling `next` after `res.end` will throw a "headers already sent" error. --- coffee/lib/authentication.coffee | 1 - 1 file changed, 1 deletion(-) diff --git a/coffee/lib/authentication.coffee b/coffee/lib/authentication.coffee index 9751c58..2ce1647 100644 --- a/coffee/lib/authentication.coffee +++ b/coffee/lib/authentication.coffee @@ -47,7 +47,6 @@ module.exports = (csrf_generator, cache, requestio) -> csrf_token = csrf_generator(req.session) res.writeHead 302, Location: cache.oauthd_url + cache.oauthd_base + '/' + provider + '?k=' + cache.public_key + '&opts=' + encodeURIComponent(JSON.stringify({state: csrf_token})) + '&redirect_type=server&redirect_uri=' + encodeURIComponent(urlToRedirect) res.end() - next() auth: (provider, session, opts) -> defer = Q.defer()