I am getting my elmah error log filled with exception:
Server cannot set status after HTTP headers have been sent.
70% of those requests are caused by crawlers(alexa,googlebot), and I can’t guarantee that the rest of requests aren’t bots with fake cookies, agent strings etc. but some of those requests really seem legit.
Here is Facebook authorization method where error occures:
public class FacebookClient : WebServerClient
{
private static readonly AuthorizationServerDescription FacebookDescription = new AuthorizationServerDescription
{
TokenEndpoint = new Uri("https://graph.facebook.com/oauth/access_token"),
AuthorizationEndpoint = new Uri("https://graph.facebook.com/oauth/authorize"),
};
/// <summary>
/// Initializes a new instance of the <see cref="FacebookClient"/> class.
/// </summary>
public FacebookClient() : base(FacebookDescription)
{
}
}
private static readonly FacebookClient client = new FacebookClient
{
ClientIdentifier = ConfigurationManager.AppSettings["facebookAppID"],
ClientCredentialApplicator = ClientCredentialApplicator.PostParameter(ConfigurationManager.AppSettings["facebookAppSecret"]),
};
[AllowAnonymous]
public ActionResult Facebook(string returnUrl)
{
IAuthorizationState authorization = client.ProcessUserAuthorization();
if (authorization == null)
{
var scope = new List<string>();
scope.Add("email");
client.RequestUserAuthorization(scope);
}
else
{
try
{
var request = WebRequest.Create("https://graph.facebook.com/me?&access_token=" + Uri.EscapeDataString(authorization.AccessToken));
using (var response = request.GetResponse())
using (var responseStream = response.GetResponseStream())
{
var graph = FacebookGraph.Deserialize(responseStream);
if (Membership.GetUser(graph.Id.ToString()) == null)
{
MembershipCreateStatus membershipCreateStatus = MembershipCreateStatus.Success;
var user = Common.CreateUser(membershipCreateStatus, graph.Id.ToString(), HttpUtility.HtmlEncode(graph.Email));
if (membershipCreateStatus != MembershipCreateStatus.Success)
{
TempData["message"] = "Unsuccessful creation of Account. " + membershipCreateStatus.ToString();
return RedirectToAction("Login", "Account");
}
if (membershipCreateStatus == MembershipCreateStatus.Success)
{
AddUserShortID((Guid)user.ProviderUserKey, HttpUtility.HtmlEncode(graph.Name));
Common.Authorize(graph.Id.ToString());
}
}
else
{
Common.Authorize(graph.Id.ToString());
}
}
}
catch
{
TempData["message"] = "Unsuccessful creation of Account. ";
return RedirectToAction("Login", "Account");
}
}
if (!string.IsNullOrWhiteSpace(returnUrl) && Url.IsLocalUrl(returnUrl))
{
return Redirect(returnUrl);
}
return RedirectToAction("Index", "Home");
}
What is the most suspicious part of code here which may cause this kind of behaviour? Why does this happens most of the time with bots? Is there any way to reproduce something like this?
UPDATE: This is not just caused by bots I got this exception yesterday also, well only in log, in browser I got not found graph.facebook.com/…
I discovered when this exception happens, when I get redirected to Facebook login page, if you refresh the page or enter login info wrong, or if the page is not currently available for whatever reason this exception gets logged but the most important thing is that user will not see anything unusual happening, or have any problems logging in.