`cors: true` causes "Cannot set headers after they are sent to the client" error

[TokugawaTakeshi]

Description

Error message:

 POST /api/sign_in 500 15.225 ms - 75
node:internal/errors:496
ErrorCaptureStackTrace(err);

2023-10-14 13:43:01 Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client
2023-10-14 13:43:01     at new NodeError (node:internal/errors:405:5)
2023-10-14 13:43:01     at ServerResponse.setHeader (node:_http_outgoing:648:11)
2023-10-14 13:43:01     at ServerResponse.header (/var/www/*****.com/node_modules/express/lib/response.js:794:10)
2023-10-14 13:43:01     at ServerResponse.send (/var/www/*****.com/node_modules/express/lib/response.js:174:12)
2023-10-14 13:43:01     at ExpressDriver.handleError (/var/www/*****.com/node_modules/routing-controllers/cjs/driver/express/ExpressDriver.js:354:26)
2023-10-14 13:43:01     at /var/www/*****.com/node_modules/routing-controllers/cjs/RoutingControllers.js:101:32
2023-10-14 13:43:01     at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
2023-10-14 13:43:01   code: 'ERR_HTTP_HEADERS_SENT'

occurs after returning from the if-block of the below code:

import User from "@Entities/AccessControl/User";
import AccessControlGateway from "@Gateways/AccessControl/AccessControlGateway";
import type UserGateway from "@Gateways/UserGateway";
import Routing from "@Interactions/ClientAndFrontServer/Routing";
import Express from "express";
import { Controller, Post, Body, Res } from "routing-controllers";
import FrontServerDependenciesInjector from "@FrontServer/FrontServerDependencies";
import { isNull, RawObjectDataProcessor, HTTP_StatusCodes } from "@yamato-daiwa/es-extensions";
import AccessControlTransactions from "@Interactions/ClientAndFrontServer/Transactions/AccessControlTransactions";


@Controller()
class AccessControlController {

  private readonly userGateway: UserGateway = FrontServerDependenciesInjector.gateways.user;

  @Post(Routing.API.SigningIn.URN_PATH)
  protected async signIn(
    @Body({ required: true }) requestData: AccessControlGateway.SigningIn.RequestData,
    @Res() response: Express.Response
  ): Promise<void> {

    const targetUser: User | null = await this.userGateway.retrieveByEmailAddressIfExists(requestData.emailAddress);

    if (isNull(targetUser)) {

      response.
          status(HTTP_StatusCodes.notFound).
          json({
            cause: AccessControlTransactions.SigningIn.Failure.TypicalCauses.userNotFound,
            localizedMessage: "User with specified email not found"
          });

      return;

    }

  }

}

I get experimentally that it will not occur if to remove cors: true from the below code:

import { createExpressServer } from 'routing-controllers';
import { AccessControlController} from './../../AccessControlController';

const app = createExpressServer({
  cors: true,
  controllers: [UserController],
});

app.listen(3000);

Expected behavior

No "Cannot set headers after they are sent to the client" error will occur.

Actual behavior

Error "Cannot set headers after they are sent to the client" occurs because of cors: true option.

[attilaorosz]

If you create the response yourself then you have to return the response object from the controller.

[TokugawaTakeshi]

@attilaorosz

Thank you for the answer!
I'll close this issue for now.

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.