Identityserver4: Cross-Origin exception when using a JavaScript client
Hello,
Using a Javascript client (oidc-client-js) with Identity Server 4, sometimes I got a Cross-Origin exception on the client when the lib try accessing the http://localhost:5000/.well-known/openid-configuration/jwks URL.
I do not know how to reproduce this problem as it happens randomly. (BTW my solution is working correctly until this exception occurred, after that I need to restart everything.)
Here is the log from Identity Server 4:
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://localhost:5000/.well-known/openid-configuration
dbug: IdentityServer4.CorsPolicyProvider[0]
CORS request made for path: /.well-known/openid-configuration from origin: http://localhost:5002
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://localhost:5000/.well-known/openid-configuration/jwks
dbug: IdentityServer4.CorsPolicyProvider[0]
CORS request made for path: /.well-known/openid-configuration/jwks from origin: http://localhost:5002
fail: Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[0]
An unhandled exception has occurred while executing the request
System.InvalidOperationException: A second operation started on this context before a previous operation completed. Any instance members are not guaranteed to be thread safe.
at Microsoft.EntityFrameworkCore.Internal.ConcurrencyDetector.EnterCriticalSection()
at Microsoft.EntityFrameworkCore.Query.Internal.LinqOperatorProvider.ExceptionInterceptor`1.EnumeratorExceptionInterceptor.MoveNext()
at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
at IdentityServer4.EntityFramework.Services.CorsPolicyService.IsOriginAllowedAsync(String origin)
at IdentityServer4.CorsPolicyProvider.<ProcessAsync>d__6.MoveNext()
--------- Probably not useful after this ------------
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.<Invoke>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityServer4.Hosting.BaseUrlMiddleware.<Invoke>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.<Invoke>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.<Invoke>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.MigrationsEndPointMiddleware.<Invoke>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.DatabaseErrorPageMiddleware.<Invoke>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.DatabaseErrorPageMiddleware.<Invoke>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.<Invoke>d__7.MoveNext()
info: Microsoft.AspNetCore.Server.Kestrel[14]
Connection id "0HL1RNESTO3KO" communication error.
Microsoft.AspNetCore.Server.Kestrel.Internal.Networking.UvException: Error -4081 ECANCELED operation canceled
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 23.5423ms 500 text/html; charset=utf-8
I noticed on another GitHub issue that you want to cache CORS. Maybe this is linked.
Regards,
Adrien.
pellea
All 10 comments
System.InvalidOperationException: A second operation started on this context before a previous operation completed. Any instance members are not guaranteed to be thread safe.
Is this running in azure?
brockallen
on 13 Jan 2017
No everything is on my local machine for now.
pellea
on 13 Jan 2017
Hmm... ok, interesting. This looks like it's coming from the EF layer. I'll see if I can investigate more.
brockallen
on 13 Jan 2017
I can reproduce the error. I simply let the page idle for some times and when I come back here it is :)
After a while the JavaScript code execute this code from the oidc-client-js:
return new Promise(function(r, i) {
var s = new n._XMLHttpRequest;
s.open("GET", t),
s.onload = function() {
o.default.info("HTTP response received, status", s.status),
200 === s.status ? r(JSON.parse(s.responseText)) : i(Error(s.statusText + " (" + s.status + ")"))
}
,
s.onerror = function() {
o.default.error("network error"),
i(Error("Network Error"))
}
,
e && (o.default.info("token passed, setting Authorization header"),
s.setRequestHeader("Authorization", "Bearer " + e)),
s.send()
}
)
The crash occurred in there and the page is refreshing in a loop. I don't know if it helps.
pellea
on 13 Jan 2017
I can reproduce this in a local environment by sending two simultaneous requests both with the same (valid) payload - caused as a result of a bug in my consuming code. The first comes back as a 200 but the second comes back as a 404 with no response body.
Chrome reports "No 'Access-Control-Allow-Origin' header is present" on the 404, which although valid as the header isn't present in the 404 response, is a red herring.
The actual error in the logs is as @pellea reported.
Simple LinqPad script to reproduce. Note that the Origin header is required to reproduce, otherwise both requests succeed:
Enumerable.Range(1, 2).AsParallel().ForAll(i =>
{
var client = new RestClient("http://localhost:8130/connect/token");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/x-www-form-urlencoded");
request.AddHeader("Origin", "http://localhost:3000");
request.AddParameter("application/x-www-form-urlencoded", "grant_type=password&scope=my.scope&client_id=my-client&username=admin%40test.com&password=test1234&client_secret=my-client-secret", ParameterType.RequestBody);
var response = client.Execute(request);
$"{i}: {response.StatusCode} {response.Content}".Dump();
});
becdetat
on 23 Jan 2017
This happens for me as well, pretty often, in local development environment. Is there any solution for this yet?
martintro
on 3 Feb 2017
brockallen
on 19 Mar 2017
Duplicate issue is 404
spragchris
on 4 Jan 2018
I came across this issue with my IDSVR project today. Can we have a link to the correct duplicate or can this thread be re-opened?
chrisccowdrey
on 26 Feb 2018
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
![lock[bot] picture](https://avatars1.githubusercontent.com/in/6672?v=4&s=40)
lock[bot]
on 13 Jan 2020
Related issues
brockallen
路
3Comments
leksim
路
3Comments
not-good-with-usernames
路
3Comments
garymacpherson
路
3Comments
klioqc
路
3Comments
Most helpful comment
Duplicate issue is 404