Identityserver4: browser downloading 0 byte file when calling signout-oidc

Created on 26 Feb 2019  路  8Comments  路  Source: IdentityServer/IdentityServer4

Not sure if this is the source of the issue or not, but it's the only starting point I have.

Using ID Server 4 with a mvc core 2.1 web app with oidc. Both are running Kestrel deployed to IIS. Authentication works correctly, logout from the client works correctly.

However, when calling logout from IdentityServer, it calls the front channel logout uri for the client and the user is logged out, but the browser downloads a 0 byte file named signout-oidc.

I'm using Assembly Microsoft.AspNetCore.Authentication.OpenIdConnect, Version=2.1.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60

That assembly wires up signout-oidc on the client, so I don't have access to the action's code to step through or inspect.

My Client OIDC Settings are:

            options.SignInScheme = "Cookies";
            IdentityConfig idConfig = _configuration.GetSection("IdentityConfig").Get<IdentityConfig>();
            options.Authority = idConfig.IdentityServer;

            if (_env.IsDevelopment() || _env.IsEnvironment("Local") || _env.IsEnvironment("Test"))
            {
                options.RequireHttpsMetadata = false;
            }
            options.ClientId = idConfig.IDClientId;
            options.ClientSecret = idConfig.IDClientSecret;
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
            options.MetadataAddress = $"{idConfig.IdentityServer}/.well-known/openid-configuration";
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("offline_access");
            options.Scope.Add("role");

My Fiddler Trace is showing the following:

Request:

GET http://<redacted>:50050/signout-oidc?sid=e9c6efd3cf1d82630c7ae072b7c028d5&iss=http%3A%2F%2F<redacted>%3A50052 HTTP/1.1
Host: <redacted>:50050
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://<redacted>:50052/connect/endsession/callback?endSessionId=CfDJ8KVLH7xqMkhOsWXF-pE5FJ4gxuZc5p60f3QIvuHqG1dJSNKMGeb5aWFrQPxcEkj9-VEPt8UlQ1C8-psQI1haeIdWyiTk8ewpVeaMIZ0WIwUh-JMoWPD0CFeDof01Bw2F3CU_Csy4vKEKtLg7j-n91b-HJ6--uSRF-7lo7BmKPoi0kiZiuVHETpKsLGQD4pK-j9_9loylm1gaZUJOv2N190x6RCAqAo3SsIrDFB6lSS7z5wd0j6GI2Rgmolde2Y9WVdu9YdhSdiEdVZaos9ReQg7mezM_R1r1DgCgPlwaE9eu6CooLFs6SImvo7jIYoyiYeLHfGvi9x7RJKL2ChA1nS4
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: .AspNetCore.Antiforgery.i8J5ScqTF5E=CfDJ8F7aGbFExBVFkK26KfWZ3TooN4dJn9sc4Ie9Bw_OfQsHTECWBFyC5TJ1jVJJ8BCLMx3U9ETjKG_DCSOYy0QIRtOyJgugoc-cWQh-TSmSeXilpmR6YTFMI4esteo_axqqET1vU3qc_fHytkPKE2nAnjs; .AspNetCore.Antiforgery.PLQUYcZ9YSs=CfDJ8KVLH7xqMkhOsWXF-pE5FJ6gj4cArXaIzYAc2H92vcCUNtwfYW8EXxmqZ892fvz8f4QCrC5KxUHzcXAk5Zy_Z3FK8hzfgVaYMD5DVBfoxkyJj9znJ5vlHj5Q_CoPuDLPJL1BtqKlYYxhwZQv5KuNRLQ; .AspNetCore.Cookies=chunks-3; .AspNetCore.CookiesC1=CfDJ8F7aGbFExBVFkK26KfWZ3TrGDR8H0OO94WOtwVdQE75dbVlqJtGHYtcu5t-kaxT030kJdcFMMAwj3Nyf_aC9ktkN6R2jmV4MtnTWwhqvS33VccfhNDZ1__Oyeul3_bQKCjWJPfPqaulpUk23rzy5_IswqBNAzdAuQlGQ2d1R3SZsCBnAgNSwKw8F6qIRnWnh_no8N7-3x8lFLNKqCC1t-8EN7L3DL7Kk4qZ9UYDZfVgFvhYXXVEWlWVU6QGePXfG3HS6FHpc5hCdUos9ShnQ-3mzQc5v0BKpyo5wk_3DHnabD2wzfee4SXtiULqVWm9l12kXhOZCl7UN3rZjVD_d_xzeYYHSxzOASiaQm7fkbRwK-lO-GWUNBwMt0bXwi0xGM2U88CCuNW5K54Nr1fPE19ChE7LQG_n9a46RSKjzpx9u1WACQraIMkiTUCLtW5jyBlXounuZCBqQLP_3XDIuA2z9xHic1n8t3A6my-3JClt5hXqqbYP2PJhfrNPkjGZEFJb4os9PktrJ-clsVPenV1l3wpTaWrN-MNbItGpxZCremkjzRpgzfdUfLU7cRVhMEbPWMyHHZGN8nLW7fHdPY0j6LgCJ_Y9OGcXRDU0MNb2dtXTMwbgu3tVR_S-YGaTzvfSHoj9_e6j5GUDwM0fc4G8MGr041r-1RqnaAGlTzTVBNrRIy2BHBRD9EtkyhbtgutyQZc8fFNvQWdeuGsVpp8EFX8xrFV2gnnhvr_60WY_hZrOuZMhGDxtJu0EAYGR5_8YIv__BvH8uOIp2XG31GJS31QPS3ixFQ2sXv21hXVtgOqqxHX_eMstNkmInodapr2-wTOKbhb2yw0SCuslfWcNEdPSk21uDiCfzeNWzOYg_d7ab4P9orqGWzkAWU0_evPy0BTFuoIZZKaTX2hlu-tuJ7C8uIWdtL-beW8O5MzaE5KeW5UtJWMwpldyifaEcmm7y1cec-uWjE6zvMoETyJKcwK---RD5oAXaoyjzb3zeDihvTBuvI3aOcEQUvmzdsifGn3yV-Llss-wmBW-xZIX6G_3bYtn2XaTU1lg3ZrY8PayMTxJR58ZebIJksegkFJzJBufJXLJ-NYZAedODrN7df0v3hqkKP6fODTFcfGPeuc1IYm2iq9Pcrf7NzmA8uhtPmsqz_s64rFigSDUyquJahQOj046pW0psF9sv8iEL30qV9s0G5gnkTqG62t6gYLsGOJANa8QuYUUDBcF86U6hrnjUxqcPvsvPyQ1LO109H5Wqlx4zcbd4qo19MaBPMhMIjK-H4JV242IpKT4w8B9WuHRb9zq_Xoli53V4xnpotyyuj-q2Upe3BNjpS0zSdtdxxvBGNRxkYExZZjmxH_HVA8uaO-FFnmaUvEmPNqoWvUqoa2azaorJXDsd3dg_JCeednmbMLhYkVkhkl27xIAhQY9yyR5tCWuLcuiwmnqQVy92LZ-6kjXf1aRpjNqOCWpQJ6cU7UtG1HmhT2_hiz2ur7gzX_pXRgOkgIybCSv--BYV0zEC0VVTAyaF1H8Zd21F4iHRNAKjwj2YJlQOoyYa3GbDFNBgtYcMPU4KLR3cutn-Xq1ytMe2upGaUOfR_f01cWpXDzp32fsf2pDG8hG2Zujf1Lrs3G_8kjorhPsorjJu1JIxPsQwm5Hy03H9rhrt0-6ZgkjDPzNs3KIZ0SMdp2dlUQGQsLlgPxfbUAK3kWqa5lbWZla2agMDC-xBDSPCmjfQ_VMVTSwik-K4m8tK4dF5WvdHFMyn1Aou9s-ua8XbgGzXGstbQuvkKdz6SxYCMmOKnw1ZKQvXa529R6aVhyqVSC604lOq_1IZaNbA2Q67Ut5rg67D-dwPUBt3oE6pdPSpYkuBg_6VecnowCGW0B0nIuZoMhN_kMmjt81j_Ckjf1leb4ZACayTX6ZBlPT1Uvg_LPziTDmUA2rG0j7en0XmAoD0NIxyLvo3DUCrI0Q7jbxo56Lk5zmB5AKhXvKPRkXp-jQ8eZEKq6Kttqi69tZ3mD6ZBNCVjBOZHzroWZZdfyIsf0Iz5DTx659Uul2GlP6EjwrPcVvtt1BdHFTmbZ_q3Tby0ASop5kjD_ABkFrM7EQTPtj5wGZmH0S5z5XCnlj2pK0TKsr70jAWpT0bOkNkjeXF6SigOBsmSMvd9DWTUQlIJl0Vep9W8-rUfZcpDrvSjtzNClJ4cMPOu9gb9e6wBqP1mhJapwy1QdkK26uKBOBhMog1-5Zqqb4ltu6TtNIUtqRN56nfA4wzdPYmN09W4U1ETDYlXyd_13NeA9UZRV8ku0yTMJo5zcEKyOfhtsNYLHRjlP3hRvczgnNGqpWmgv0Tgcgy_Jo7NGqfc4gLSx1Y6Xq1a8V7ccyRLQvgimYuToV_TdMqPxAHsKOm8pcSf0TGtg3AV_0_T_DJdxfx_bNVV6pzcz25RIMPJ2lENJDMYEr6rA_vEvVXctTQmL2YxxO4kf7i8HC6avHKuS9gUsqEG6pAZe46VaOsmKv9zkEujS8kb9tTjJen6jhJdlSH-3lS-CLTXw3te1g2LNBJOnWTvLIF2e4x_RXIBoG9lSaHgc3XgkRD6nd-tz7K6Sq6hY1PNWh0e1XTl7g_O3wIqa2NbPTt2EAqNStZRfu_4fhBL4PQi-2meFRGdCD2QQ_NxtayL-CfBg6LHuDnAWMCYf0o_y2Aaxk3zMSrkDL8W9BMXT3d67v7KsSAF6HZonc1b1uyr51-QR0Yc0fJz58d7MjlhWWKGrpJlnL-TJs2j5PknCgC66y28DmlWtAeCcYcv7HhpUUEgyvehJOW_AuDJ67c3-QLs4fl9hBeXPRZcI4RF3wPn-GL0ZTAPQEQGiYbSBAJFQel9SrEXGtm_lC0ZHHoSmvn4ccHvg1_NymKwZgAdG8cxV7FQo5RyxMfalM_SRVaeHBFJa-envqq2oWY86EkKBJ3Z-TTV7mX0uSr3eFGe3R0r8UpUTKtfJR9kmoVNs_AGOxwpiObr6TbUXmgx_qsLiZrAUwJdqQWXdC6EABLJghlEY2Is9XFjqHIpIldeXqDEw7Yp1oV-4g3xCdo937vcsupqV2esMUrGAKFrFu4bCDSIQRjiYslMlOaeKN6V2u_yBFyyovCR-e1S08n5lQ0r97OYFEwnC2ql6vafKQRGp8MPaWAyP17qApXnCvwnrQ-harmFSeRvqaNii4oBmtyhl_XPjmYA5Uv11UO2U38m4J274HRtqOgw6p9eYE3kAhfx_2RHfu_hjoWkFzY1iUFzDJ31KCCRFYIKyNlLnN3rt2z5kSGnBxMXh3F7KnfZjWwBWZGmEmIhkQxJvoFDcwVUWdbbLvzbMKofd-x4pWLNqSZLpg7VWF3axf3vBWgBjQDMQlhsnMf2iUE18Ge0sJ4Vl-kQX3Ng_R92rxfTNVav26eRqE6d0fRQmUSg2B4EFla1qECGS7PxJ3qlcF4QEArCIWQjcVuTc0CRfNUtJasv6mAOR1ZVolA4gehmVI_rewPaZratTCfpm1sX_oYxrobhjdHPYIDkcmBN8OXQFdXt70ndooikjKDNVB4wp0jfg0ZXBPG-JYJwmNjzC65AeMaK2buBvHdrK0dYkUMNnKSG-B4PSKExGsaqP6XOSMV3LA4_xx0CVku9WEV9H_dHU20XyDawBS7IkN-yhDhKcxzppu53ujB0vGyUM6RnpuEDZubigjLVO8ai4Q-yt2RaAwHt3xzm2O02ncm_cOw9yt2q_2mNwuL-eBDBxSuiW6gbYzs7wGuWiKtDmXkgJkj8XFNgm8nntiEVfXOpO15gdZXCeDxbWp1nvA3igV3NBBfSBGaNPlgnVfCDYs1Tiwq4zQQooJvrpFGpJJ3R5AQpCIyXEj48RD_vSFvxisShdFQwRbNp290ZIBINiyw4R86G7TdiAaJiUVsETCYGyUcw6X0jcKQrJEddcnBaVEQub8bJyqORTR22nFFdqQJOQvOgAfk_PFb_7ibPPHAvwxFWGfsnZFES-qLRI8PXu3; .AspNetCore.CookiesC2=zx8W6I3iaMeLiqoxtQcGMOpo-9iBtq8kJVOYgw_TboOrSnB5q6VqQHhUDOdTB6zuWSX34GlILprgxvmyQtI7kkKdCHDuTcHX-L7sPpZ0XdGjhjU9OW7nj-w3cZUJwJI9f3nw-mXdHk5yIEZYd6FtLpUjxk5Sqmuj-S88l7wvdLmeODYyPc3lKZEYtdGscSDBf8dB8K9HXg891WQzn8ER89Pu0R5Hj8DxeofwfMFLge25jSQ0vgpI5MyesbQTbYbU1XY5at7arUPXElRdaB_2Fg-yooEO-IwymImBn6JnnqG_XVykcYUdCITv7vU5vYDbLMzSRK9hrwbwSWCs3TPTNwdxVqcdjQYlqk7U0QmQWStrV_GyWSUOl2uoDm-L2wLw0KOjFiRojSQLw2uePNrJGuYWj3ZbdMvd-clcrv49ll44ISWatfNLBhU9pVqcj4zxZSUalyzT74LBGl2rB72oSWNNeOvdyY-Zj5PdOCQrckMg_541VAytZftVTPqTngvmiVMF3tktdyALM_LIoTc3FKxgttoWa7Y-bUCyZKC_NVwzK_Gf7OlaMIfWx5dQvwHulpdqtlyQVxFCuvwuxp03Qj5v5ndTKUkRFLxTzfwOlNgCSA88D20kD_t09mnEwXLDXRp1bBMkUtOhRn--PrpMVwATvg088CqDIJP8PZhBwWGH10-BH_B_x6vVBe422PsnDILhmoDM8hu_MwqaTx3OWM_BzQnVComx01HSAeqRBJwxkrcKtI1YqnL39G5fjYJFJ8TCYa-GweLcmZRBAPG8WWlWXNcwGKHwOOACeePIPJ8fMkn78lxfq_y6pj4lohUl7Q2lVqAZRuCFABMg2T4zHlRo7HEDyuFeB9rBGuKQYGYhwHzD7zWH2mmtlHU9UoZZWrHM6wz2oFBtAdI1bmhNzwe485Y0dT2TjEQuQV3DfhP6ApNZeEwNXjb0qBPBBiA10KqZoVyTGvqqsZzE-0Dj6iW7e5zRFfmr48rO3KMgyC1nbEc-uthLQuCidSe2dmdv5v90itAFxDxzKOkqhYHpxP6Ca794SkHvnGVyFjXceOVAFhndJ2bMB6yOcgQOyXj6WRG3wHeQmB5C7AOpsdXe-D4mHg2wjKhruZmvQZ0ca2aWB4dav_4NN_umX-c4H3YNe99Uipo01dNpqfpU-ZKcpl9_xMmi8aXKOxePMo6OvSol4DxtcGO7otjcW1RDkTYTtiN3Sk1fk1RBEdZgP8iazaoswaUpljJ_oB5HL2iZyrxiF_sngAFlq8prBMECSK15h4A5RhbLtTOjiGBrypS1PGSmo98i2uMuMpAGsh6AHlkJbibo4PzrQ83yHGRHfSq4k4XQc7sS9NWqKRc3MDZL5Hv5pXaviaN0y5skVDn1A6lSbz2q-ux7nIJ_S_SrU5n5nomux-V15PPkAkWnWZeqPW2YqZV6drNkrKKPd7RmLqw98AHt8jEQspdBjKK1W0U44coNtZoDz2VQgNM69bOI8F1zpiHAB_CxUmH_ZelW6XUMXA4ZqutOlu65kg4wVVaGTb3RZUnQ5eWD0W_E0AIlH2FIsVyS8ja_ZubYqLLaL9Nvfg93hy7wFYIds5Z0Vz4TSnucoT3AHEGkA5uvv23_HEZ45YH7cC5ZbEimF-9vRQo4zKVBClakXyTqKO8TSlB0tO-PBM81RvlnLqSnrC10HxztV1RZhoHFMdGJ2CPlg7HcwKrEhJPifXHeFXm02kMTYJazm88Ss_BICwqBR-Hc9DIuhHXDP3BsXEJ7NUdzxhlS3kN9lJgr8be6BSMsqaCQ2yEg4nzRiYPuPK6v_VH0kXfA8bsBbU7rFD92ui0BDaoz_wDa3y9xsmb093sjmtI6ObNIFtaZHAJ-si-Wu5CZ_2UJbYZepqBfI_wbGeCN5XT5RH5VJ_gNM6WenFlx6GcjByDmsvja_tJzOBXJiPdf6kWUGcBf6wK0n1nhtuOJFc5jYQ0H55y5D1B32TpSiETzCPBoq4bCuDMNLyEpMPlQtyu6GZobAB4XJthrDFDxHS33QLpE1HUfKKrUUZqJ-vUzjCYfbjKxio0WIX5aWCqFzCBaDA_kgTp8WTwztCkuM5iN_XTinatCDWeZ5pCKOQ-In9OUr8l8cEun73ryu6pXTi3Ve9PCwQH4AZwkEA5JFlk-L-2sOTHrEkFO_xHPOmwcRtC4C8yZe4jmFAteCtqXANIrzJ_ghr2RjAlhynpw3iXb44Brpr8rAuvRIjYqC3qXFmdoB_BvmjDYdGnrPA489DUn0lZfvk5gPw73FV2CORkLSzAw5CKrMLMTtUrMk_e9o41L6ItS05bUs4JbFpaXMcOvn1CA78yms847YaOqfWBmbS81yXM4IrQcxGMcgQTqS3N-65e9Ztlwb183KAg5k4a0O1HojBuwg9xjXoZcZZRHSVMIZie7Ae2xTzrPSallIVbIyeRkZKerwpHY7XQtI8ypij_hiu7DNj0QDVUBBjdcOmU5BOfHQ9ci7jAG2VgxgfAmPK2jYaualx44MaORvpoM9jVZC1TwQgb6ljVSw_fkYVevIIq92L3sypEgAzdYMvwDbbqJsMJLcomy_oLTMunzMhEgQw01dz8US_mp9vRPph4Mxod07Pkm7yPIIBEZoDQoFbJMamoC8Ry7N4EzZQtw8YJSxQq1O9HHXbI2KC_ow0klGY0F12bXVZYA20yZvKHTv7rTdgYH73vWi_S7xLNfxwbADR0Gz-9jTNVJAeB0RoJD3xx2y-Q32cEfwdwZaD8GmTAfLVoQZ8tWGpnstNtk33OQE7ADT9lkURlPIBlgwHoOmH62UlywZEkEMOQehZ4ILGDNRK91VgqHEXCp0XchTAmS0TIWfPiubgQFjkF6JdJJdeBfwS3s8clDwxGjT8mTnMMgYgm-BVj5IwPpzwe8TbN3NOQas4_W-hL95Ggk54kkh635iYyGgO3RICazDwSNpvCzYMiEUoC06-uZdOfIoSmKHLmtHxQXDC8v_T7gfrFMnO6z28PRGIiYUT2uNKTfl4Ub1MQ6Y1L4aX4gFtqlueFC4g3LbDgIlShe-XrX3UzSoo6i-PeMYWoCRRYRBJBB1iusTrm8Zr7MneQs7QpIL95BGKPs6aeBryAp75AeuBz4My4WmuR1DkabrcPtXAZ1Twpl501u_81rudiVRnANtnOik_OcdLxL5R5uCAV3QK7OmFMXR4Vbmx6FIli7oeDFQhp_CCDLU1AljH-wF5c3r_tAQ6gEx2quzlx2XeGepq68EF__zRlyKQB7bA-98OLSwy38_Uzg9TCP35APQG_U53rXtw88Lm8PGuHgzoWTKZTmve0ufoCAzcapRDEY7q9F0pYuMjVfaWArDP3Ff-YyEbWFiMgyuIKlS4Lq0CAH6_KOwH3FxLOmQKYRUESbAdBhrP74UK7RRqPWCFt9HrZSsn_MfWJC-d2nBDvjCfOENRMaFNrM1lZUNKG_xxgC4yh3hf6SiwmC1YWX4QqFtKSUR-fTJMHCgpu04V5GbXM3rQng-V4kcnoVmq6DmwtwbAf_cdqXFujsMWMsRvQmzuetF0NxqzFD3EohAqU2S9NKI5n9-bQfqqFhQUIs9uB0Jz_S7s7R0BxLPrRXMM_iYXDHBy7q4UU9LCO2r8TBuBTg6hyb_YFTAQOizObbJO-DLiD0I1RM-dNLFfwSstFNA9x3rbl5v-WGBsrR5GvDg9uXqKn53QbKnMDmq0oo6yq7VTjrGbIErR4XTWme6t6yzl0MB6Isz-HR53jtFSXTn5Ge2r8iSkliP2ESNykAd51puY-xC5kbFeBSg_pR7LOrnEAsXHaracpe_7KaLx2DvwktKyQ3xtqZdcyxDREtFXyUjCgyYTPiaez54wY4y-LvBxgXoTHSTu36K4qwBcpiZGa8nb6UmdPjKo_C836M70W5ysYMt_HTfnzBrXzmWmtNFgZnAfvcPGSxS3qVaDEomWMe6pxErPYa9RiEBWhwF8LetoH3jNYTAdnxpgP-psZ_SYiu_TB; .AspNetCore.CookiesC3=h2F7kmgGEI6HxrBiGce3Sf4FhwIKSxGYFqljy-e1615YL8qxG2TeYkeBC_yFE4PaPTK7uPLc2WqjQHoov6_IZJLIWVDnGl0FxMZRtxJ-7UTwHcv3rlEVK3kV4DiR8gq2w1OOZ3Vt_HUz7aCQDoNoDg44eNz9tyEUOajzPWGTWEbB_Q5tmdgiBpBWzy-x5b7AMAx0LkihbQgpJtW-r16A3PuIBWekYS_fvRuXdA6rGy1i6LBY_8A04SOfgS3d8RaNeCbtj8-gn9HfMFhmKqzqEauluQI245l4UTCmg0tGcBH7zlfisxy31bCVeJxqzhCqU3uRUXyT3tdK7yFCtV_D35CI0QmtzOXdddGVhjjl6MEEbikoD49u9uzGHDDqBVLbz99m6ySCUnqMZRvdZtfJ_s3iop6XpZEOrr6yTReKPfIKMGTnFlMfd-sUXcQpSsv_fzRJzj3Mz-HXNJxf5Sd8n9Qij-exDHPjjiO1qVl7QP6sTsfXlB6PlIt9xmpscfBoBGs1FAOBfBns0X81F5vSP_m-lpF-AtsyCapAy1B0sMcJ0fcmpsPFrUZcVPqXG2s1IesxrD8h3Lxt2QVrZ0lzfkDeFm-lO3jjhcZJ5xIY1cbByySX3rESzMsBZbFoxoc0IlOgWUUOmR9eazll6L6xa3bv78V4L0voQNbd08sdd_UvvxYNRN7wGu38fNt8h_tEsJ0cxsayoXBG20RoTjrbQN9DFtyRefuoe4KbGUxnC9GZO_GHy21UNYfxJtgc0elQKlrGgNvR2XieB-syIN1rnCAvqOL060rn9JzMCXqLE0biF8peusMRPMbspgmNTEIdcxJZBpLxq1n3fGoBdBisrmGq9dhf3tPy4JUD7rHC6sKN_0YneqtSHXwWDm75N3tf6LJGpbW1bQB4Jt7umW5acbxe2F1GNbOm8q240; XSRF-TOKEN=CfDJ8F7aGbFExBVFkK26KfWZ3TqsdIbGxeB1YGXkq0D-qW_2oehupzpD5bkMfsatG9FyS0sMZ5XElbK_jsR7pIu6o4o0W2wJjg7N9nmAOtgo0DhAQc0qaZXYU4DlxQgghDvgomYSbohNbL9ka5cZT2WN27sDYMIob94OXSz1FafWyKzd4pgjpV9o7tc0__54Jwa67A
DNT: 1

Response:

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Server: Kestrel
Set-Cookie: .AspNetCore.Cookies=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax
Set-Cookie: .AspNetCore.CookiesC1=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax
Set-Cookie: .AspNetCore.CookiesC2=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax
Set-Cookie: .AspNetCore.CookiesC3=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET
Date: Tue, 26 Feb 2019 19:26:20 GMT
Content-Length: 0
question
Source
picture ChrisSorel

All 8 comments

Anything? Not sure if this got seen because when I created it my account was flagged.

ChrisSorel picture ChrisSorel on 28 Feb 2019

Yes, that's how the session management stuff works.

brockallen picture brockallen on 28 Feb 2019

Sorry, I'm confused. The browser is literally downloading a 0 byte file to My Downloads called signout-oidc. This is expected behavior?

ChrisSorel picture ChrisSorel on 28 Feb 2019

I don't use Identity Server but it's also happening in my application. It started happening a few days ago and nothing was changed in the application. If you remove "
X-Content-Type-Options: nosniff" from the Header, probably it will stop downloading the page. But we still don't know why it's happening.

guinatal picture guinatal on 1 Mar 2019

Thanks for the info, @guinatal. It doesn't happen on Edge or firefox for me. Only seems to happen on chrome. I noticed that the version of Chrome I'm on: 72.0.3626.119 was released on Feb 21. I'm guessing that their latest update is probably causing the issue when the nosniff header is included on a 0 byte response.

ChrisSorel picture ChrisSorel on 1 Mar 2019
👍1

Closing this issue, as it appears to a browser issue, and not ID Server or the Microsoft.AspNetCore.Authentication.OpenIdConnect code. I'll update if I find a resolution to the browser issue.

ChrisSorel picture ChrisSorel on 2 Mar 2019
👍1

Did you happen to look at the response headers that request?

brockallen picture brockallen on 2 Mar 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

lock[bot] picture lock[bot] on 11 Jan 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

wangkanai picture wangkanai  路  3Comments
osmankibar picture osmankibar  路  3Comments
leastprivilege picture leastprivilege  路  3Comments
klioqc picture klioqc  路  3Comments
leksim picture leksim  路  3Comments