🐛 fix content-type header for ban and captcha page (#166)

* 🍱 fix content-type header for ban and captcha page * 🍱 Add comment to warn future developer --------- Co-authored-by: max.lerebourg <[email protected]>
maxlerebourg · May 16, 2024 · 70ad036 · 70ad036
1 parent 8975216
commit 70ad036
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/bouncer.go b/bouncer.go
@@ -327,12 +327,15 @@ type Login struct {
 	Expire string `json:"expire"`
 }
 
+// To append Headers we need to call rw.WriteHeader after set any header.
 func handleBanServeHTTP(bouncer *Bouncer, rw http.ResponseWriter) {
-	rw.WriteHeader(http.StatusForbidden)
-	if bouncer.banTemplateString != "" {
-		rw.Header().Set("Content-Type", "text/html; charset=utf-8")
-		fmt.Fprint(rw, bouncer.banTemplateString)
+	if bouncer.banTemplateString == "" {
+		rw.WriteHeader(http.StatusForbidden)
+		return
 	}
+	rw.Header().Set("Content-Type", "text/html; charset=utf-8")
+	rw.WriteHeader(http.StatusForbidden)
+	fmt.Fprint(rw, bouncer.banTemplateString)
 }
 
 func handleRemediationServeHTTP(bouncer *Bouncer, remoteIP, remediation string, rw http.ResponseWriter, req *http.Request) {

diff --git a/pkg/captcha/captcha.go b/pkg/captcha/captcha.go
@@ -86,6 +86,8 @@ func (c *Client) ServeHTTP(rw http.ResponseWriter, r *http.Request, remoteIP str
 		http.Redirect(rw, r, r.URL.String(), http.StatusFound)
 		return
 	}
+	rw.Header().Set("Content-Type", "text/html; charset=utf-8")
+	rw.WriteHeader(http.StatusOK)
 	err = c.captchaTemplate.Execute(rw, map[string]string{
 		"SiteKey":     c.siteKey,
 		"FrontendJS":  captcha[c.provider].js,