order matters

hashicorp · Nov 19, 2024 · 7410b73 · 7410b73
1 parent 7090178
commit 7410b73
Showing 1 changed file with 11 additions and 12 deletions.
diff --git a/command/agent/http.go b/command/agent/http.go
@@ -746,9 +746,9 @@ func (s *HTTPServer) wrap(handler func(resp http.ResponseWriter, req *http.Reque
 				}
 			}
 
+			resp.Header().Set(contentTypeHeader, plainContentType)
 			resp.WriteHeader(code)
 			resp.Write([]byte(errMsg))
-			resp.Header().Set(contentTypeHeader, plainContentType)
 			if isAPIClientError(code) {
 				s.logger.Debug("request failed", "method", req.Method, "path", reqURL, "error", err, "code", code)
 			} else {
@@ -805,17 +805,16 @@ func (s *HTTPServer) wrapNonJSON(handler func(resp http.ResponseWriter, req *htt
 		// Check for an error
 		if err != nil {
 			code, errMsg := errCodeFromHandler(err)
+			resp.Header().Set(contentTypeHeader, plainContentType)
 			resp.WriteHeader(code)
 			resp.Write([]byte(errMsg))
-			resp.Header().Set(contentTypeHeader, plainContentType)
 			if isAPIClientError(code) {
 				s.logger.Debug("request failed", "method", req.Method, "path", reqURL, "error", err, "code", code)
 			} else {
 				s.logger.Error("request failed", "method", req.Method, "path", reqURL, "error", err, "code", code)
 			}
 			return
 		}
-
 		// write response
 		if obj != nil {
 			resp.Write(obj)
@@ -889,19 +888,19 @@ func parseWait(resp http.ResponseWriter, req *http.Request, b *structs.QueryOpti
 	if wait := query.Get("wait"); wait != "" {
 		dur, err := time.ParseDuration(wait)
 		if err != nil {
+			resp.Header().Set(contentTypeHeader, plainContentType)
 			resp.WriteHeader(http.StatusBadRequest)
 			resp.Write([]byte("Invalid wait time"))
-			resp.Header().Set(contentTypeHeader, plainContentType)
 			return true
 		}
 		b.MaxQueryTime = dur
 	}
 	if idx := query.Get("index"); idx != "" {
 		index, err := strconv.ParseUint(idx, 10, 64)
 		if err != nil {
+			resp.Header().Set(contentTypeHeader, plainContentType)
 			resp.WriteHeader(http.StatusBadRequest)
 			resp.Write([]byte("Invalid index"))
-			resp.Header().Set(contentTypeHeader, plainContentType)
 			return true
 		}
 		b.MinQueryIndex = index
@@ -920,9 +919,9 @@ func parseConsistency(resp http.ResponseWriter, req *http.Request, b *structs.Qu
 		staleQuery, err := strconv.ParseBool(staleVal[0])
 		if err != nil {
 			errMsg := "Expect `true` or `false` for `stale` query string parameter"
+			resp.Header().Set(contentTypeHeader, plainContentType)
 			resp.WriteHeader(http.StatusBadRequest)
 			resp.Write([]byte(errMsg))
-			resp.Header().Set(contentTypeHeader, plainContentType)
 			return CodedError(http.StatusBadRequest, errMsg)
 		}
 		b.AllowStale = staleQuery
@@ -1045,9 +1044,9 @@ func parsePagination(resp http.ResponseWriter, req *http.Request, b *structs.Que
 		perPage, err := strconv.ParseInt(rawPerPage, 10, 32)
 		if err != nil {
 			errMsg := "Expect a number for `per_page` query string parameter"
+			resp.Header().Set(contentTypeHeader, plainContentType)
 			resp.WriteHeader(http.StatusBadRequest)
 			resp.Write([]byte(errMsg))
-			resp.Header().Set(contentTypeHeader, plainContentType)
 			return CodedError(http.StatusBadRequest, errMsg)
 		}
 		b.PerPage = int32(perPage)
@@ -1167,17 +1166,17 @@ func (a *authMiddleware) ServeHTTP(resp http.ResponseWriter, req *http.Request)
 	reply := structs.ACLWhoAmIResponse{}
 	if a.srv.parse(resp, req, &args.Region, &args.QueryOptions) {
 		// Error parsing request, 400
+		resp.Header().Set(contentTypeHeader, plainContentType)
 		resp.WriteHeader(http.StatusBadRequest)
 		resp.Write([]byte(http.StatusText(http.StatusBadRequest)))
-		resp.Header().Set(contentTypeHeader, plainContentType)
 		return
 	}
 
 	if args.AuthToken == "" {
 		// 401 instead of 403 since no token was present.
+		resp.Header().Set(contentTypeHeader, plainContentType)
 		resp.WriteHeader(http.StatusUnauthorized)
 		resp.Write([]byte(http.StatusText(http.StatusUnauthorized)))
-		resp.Header().Set(contentTypeHeader, plainContentType)
 		return
 	}
 
@@ -1186,25 +1185,25 @@ func (a *authMiddleware) ServeHTTP(resp http.ResponseWriter, req *http.Request)
 		// credentials, so convert it to a Forbidden response code.
 		if strings.HasSuffix(err.Error(), structs.ErrPermissionDenied.Error()) {
 			a.srv.logger.Debug("Failed to authenticated Task API request", "method", req.Method, "url", req.URL)
+			resp.Header().Set(contentTypeHeader, plainContentType)
 			resp.WriteHeader(http.StatusForbidden)
 			resp.Write([]byte(http.StatusText(http.StatusForbidden)))
-			resp.Header().Set(contentTypeHeader, plainContentType)
 			return
 		}
 
 		a.srv.logger.Error("error authenticating built API request", "error", err, "url", req.URL, "method", req.Method)
+		resp.Header().Set(contentTypeHeader, plainContentType)
 		resp.WriteHeader(http.StatusInternalServerError)
 		resp.Write([]byte("Server error authenticating request\n"))
-		resp.Header().Set(contentTypeHeader, plainContentType)
 		return
 	}
 
 	// Require an acl token or workload identity
 	if reply.Identity == nil || (reply.Identity.ACLToken == nil && reply.Identity.Claims == nil) {
 		a.srv.logger.Debug("Failed to authenticated Task API request", "method", req.Method, "url", req.URL)
+		resp.Header().Set(contentTypeHeader, plainContentType)
 		resp.WriteHeader(http.StatusForbidden)
 		resp.Write([]byte(http.StatusText(http.StatusForbidden)))
-		resp.Header().Set(contentTypeHeader, plainContentType)
 		return
 	}