fix call order in middleware

pull/21704/head
Sarah Alsmiller 2024-09-11 11:01:28 -05:00
parent 957301e092
commit 55c0ece134
2 changed files with 3 additions and 2 deletions


@ -1,3 +1,3 @@
```release-note:security
Explicitly set 'Content-Type' header to mitigate XSS vulnerability.
Explicitly set 'Content-Type' header to mitigate XSS vulnerability.
```


@ -352,12 +352,13 @@ func withRemoteAddrHandler(next http.Handler) http.Handler {
func ensureContentTypeHeader(next http.Handler, logger hclog.Logger) http.Handler {
return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
next.ServeHTTP(resp, req)
val := resp.Header().Get(contentTypeHeader)
if val == "" {
resp.Header().Set(contentTypeHeader, plainContentType)
logger.Debug("warning: content-type header not explicitly set.", "request-path", req.URL)
}
next.ServeHTTP(resp, req)
})
}
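Review bot: The `plainContentType` fallback in `ensureContentTypeHeader` likely never reaches the client if the new order is the one that calls `next.ServeHTTP(resp, req)` before the header check; the `+`/`-` markers are lost on this page, so that order is inferred from the title and the one-line growth in the hunk header. net/http sends the header map at the first `WriteHeader` or `Write`, so a `resp.Header().Set(...)` made after the wrapped handler has written is ignored and the body's type is still chosen by content sniffing, which is the case the release note says is mitigated. The default needs to be applied before the response is committed, either by setting it ahead of `next.ServeHTTP` or by wrapping the `ResponseWriter` and filling it in on `WriteHeader`, with a test that checks the header actually received from a handler that sets none. Separately, the debug line logs `req.URL` under the key `request-path`, which includes the query string; `req.URL.Path` would match the key and keep query parameters out of the log.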