From 2e8c7075ff1d5bb070bb3a43cf022a8add198cbe Mon Sep 17 00:00:00 2001 From: Trong Huu Nguyen Date: Mon, 3 Feb 2025 11:38:35 +0100 Subject: [PATCH] fix: set content-type header before status --- internal/http/middleware.go | 2 +- pkg/handler/reverseproxy.go | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/internal/http/middleware.go b/internal/http/middleware.go index 390cf2b..a6efd17 100644 --- a/internal/http/middleware.go +++ b/internal/http/middleware.go @@ -19,8 +19,8 @@ func DisallowNonNavigationalRequests(next http.Handler) http.Handler { span := trace.SpanFromContext(r.Context()) span.SetAttributes(attribute.Bool("request.disallowed", true)) - w.WriteHeader(http.StatusUnauthorized) w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusUnauthorized) w.Write([]byte(`{"error": "unauthenticated", "error_description": "this is an interactive endpoint; user-agents must be navigated to this endpoint", "error_path": "` + r.URL.Path + `"}`)) return } diff --git a/pkg/handler/reverseproxy.go b/pkg/handler/reverseproxy.go index 956287a..af7b87c 100644 --- a/pkg/handler/reverseproxy.go +++ b/pkg/handler/reverseproxy.go @@ -203,12 +203,13 @@ func handleAutologin(src ReverseProxySource, w http.ResponseWriter, r *http.Requ location := loginURL(target, "non-navigation request detected; responding with 401 and Location header") w.Header().Set("Location", location) - w.WriteHeader(http.StatusUnauthorized) if httpinternal.Accepts(r, "*/*", "application/json") { w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusUnauthorized) w.Write([]byte(`{"error": "unauthenticated, please log in"}`)) } else { + w.WriteHeader(http.StatusUnauthorized) w.Write([]byte("unauthenticated, please log in")) } }