Warning: Cannot modify header information – headers already sent

  • Resolved steven1350

    (@steven1350)


    7 years, 10 months ago

    When setting up Authorizer with CAS enabled & configured, the plugin does work. However when I enable the option

    Immediately redirect to CAS login form if it's the only enabled external service and WordPress logins are hidden

    I get a warning when I attempt to log in saying

    Warning: Cannot modify header information - headers already sent

    Looking at the page source, it looks like the HTML template headers were sent (the page title of “MySite Log In” appears just before the PHP warning)

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Paul Ryan

    (@figureone)

    You are likely prematurely outputting data somewhere in your theme code. This is usually caused by having whitespace (newlines) outside of the closing PHP tag in an included file like functions.php

    It is only triggered when you enable that plugin option because that option calls a wp_redirect() to the CAS login URL, and wp_redirect() sets the Location header; if content has already been sent to the browser, you cannot set headers.

    Thread Starter steven1350

    (@steven1350)

    I am not to sure about your answer here.

    Looking at the plugins source code, it looks like the wp_redirect() is set to trigger on the WordPress login_head action, which is after WordPress has begun to output the HTML headers (hence triggering the error). Looking at the page source above the warning also agrees with this idea (the <html> and <head> tags are present, which should never happen when using wp_redirect())

    Here is the stack trace if it helps

    ( ! ) Warning: Cannot modify header information - headers already sent by (output started at /var/www/multisite-wordpress/wp-login.php:63) in /var/www/multisite-wordpress/wp-includes/pluggable.php on line 1174
Call Stack
#	Time	Memory	Function	Location
1	0.0001	122512	{main}( )	../wp-login.php:0
2	0.1260	3549636	login_header( )	../wp-login.php:891
3	0.1292	3560012	do_action( )	../wp-login.php:98
4	0.1333	3569548	call_user_func_array ( )	../plugin.php:524
5	0.1333	3569620	WP_Plugin_Authorizer->login_head_maybe_redirect_to_cas( )	../plugin.php:524
6	0.1337	3576688	wp_redirect( )	../authorizer.php:1921
7	0.1340	3581828	header ( )	../pluggable.php:1174
    • This reply was modified 7 years, 10 months ago by steven1350.
    • This reply was modified 7 years, 10 months ago by steven1350. Reason: typo
    Plugin Author Paul Ryan

    (@figureone)

    Ah, good catch! Not sure why I’m not seeing the same warning on any of my installs. I’ll try to find a better place to trigger that redirect call. Will keep you updated.

    Plugin Author Paul Ryan

    (@figureone)

    Looks like I haven’t seen the error because default php configuration in Ubuntu is to enable output buffering (output_buffering = 4096 in php.ini), so the beginning of the html output in login_header() before the login_head hook was being buffered and not sent to the client immediately. Disabling output buffering caused the warning to trigger, so I can confirm your bug report.
    https://php.net/manual/en/outcontrol.configuration.php

    Plugin Author Paul Ryan

    (@figureone)

    The following fix will be included in the next release. Thanks!
    https://github.com/uhm-coe/authorizer/commit/e4912e77f90674211cd96acb8850eb84193533a7

    Plugin Author Paul Ryan

    (@figureone)

    Version 2.6.10 is now out. Let me know if you run into any problems!

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Warning: Cannot modify header information – headers already sent’ is closed to new replies.