From 8beb78ec3f9ad6875165caac9a7e5ff13b698eb6 Mon Sep 17 00:00:00 2001
From: Egon Elbre <egonelbre@gmail.com>
Date: Mon, 8 May 2023 16:53:46 +0300
Subject: [PATCH] {satellite,multinode}/console: fix WriteHeader

w.Header().Set needs to be called before WriteHeader,
because WriteHeader sends all the headers and calls to
Set won't have any effect afterwards.

Change-Id: Ia6b1c5e2cd54201a6c3980d63de04a0095b2db9a
---
 multinode/console/controllers/common.go         | 2 +-
 satellite/console/consoleweb/consoleapi/auth.go | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/multinode/console/controllers/common.go b/multinode/console/controllers/common.go
index eb2884349..b0dee604d 100644
--- a/multinode/console/controllers/common.go
+++ b/multinode/console/controllers/common.go
@@ -29,8 +29,8 @@ func NewNotFound(log *zap.Logger) http.Handler {
 
 // ServeHTTP serves 404 response with json error when resource is not found.
 func (handler *NotFound) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	w.WriteHeader(http.StatusNotFound)
 	w.Header().Add("Content-Type", "application/json")
+	w.WriteHeader(http.StatusNotFound)
 
 	var response struct {
 		Error string `json:"error"`
diff --git a/satellite/console/consoleweb/consoleapi/auth.go b/satellite/console/consoleweb/consoleapi/auth.go
index 29f307a08..852e3bb25 100644
--- a/satellite/console/consoleweb/consoleapi/auth.go
+++ b/satellite/console/consoleweb/consoleapi/auth.go
@@ -845,8 +845,8 @@ func (a *Auth) ResetPassword(w http.ResponseWriter, r *http.Request) {
 	err = a.service.ResetPassword(ctx, resetPassword.RecoveryToken, resetPassword.NewPassword, resetPassword.MFAPasscode, resetPassword.MFARecoveryCode, time.Now())
 
 	if console.ErrMFAMissing.Has(err) || console.ErrMFAPasscode.Has(err) || console.ErrMFARecoveryCode.Has(err) {
-		w.WriteHeader(a.getStatusCode(err))
 		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(a.getStatusCode(err))
 
 		err = json.NewEncoder(w).Encode(map[string]string{
 			"error": a.getUserErrorMessage(err),
@@ -861,8 +861,8 @@ func (a *Auth) ResetPassword(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if console.ErrTokenExpiration.Has(err) {
-		w.WriteHeader(a.getStatusCode(err))
 		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(a.getStatusCode(err))
 
 		err = json.NewEncoder(w).Encode(map[string]string{
 			"error": a.getUserErrorMessage(err),