authorJonathan Huot <jonathan.huot@thomsonreuters.com>2018-12-13 10:43:12 +0100
committerJonathan Huot <jonathan.huot@thomsonreuters.com>2018-12-13 10:43:12 +0100
commit61458583d83959a37e56c20eb09546aaa63b4829 (patch)
treebbd31c8613d2642bc9c3e4ded1323d43ffa3998f
parenta9ec83a40477e6b5b460b6f203607199f5f16779 (diff)
downloadoauthlib-61458583d83959a37e56c20eb09546aaa63b4829.tar.gz
Add Content-Type and Cache headers to introspect/revocation errors
-rw-r--r--oauthlib/oauth2/rfc6749/endpoints/introspect.py13
-rw-r--r--oauthlib/oauth2/rfc6749/endpoints/revocation.py8
-rw-r--r--tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py18
-rw-r--r--tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py23
4 files changed, 47 insertions, 15 deletions
diff --git a/oauthlib/oauth2/rfc6749/endpoints/introspect.py b/oauthlib/oauth2/rfc6749/endpoints/introspect.py
index 4db1bdc..4a531e4 100644
--- a/oauthlib/oauth2/rfc6749/endpoints/introspect.py
+++ b/oauthlib/oauth2/rfc6749/endpoints/introspect.py
@@ -57,24 +57,25 @@ class IntrospectEndpoint(BaseEndpoint):
an introspection response indicating the token is not active
as described in Section 2.2.
"""
+ headers = {
+ 'Content-Type': 'application/json',
+ 'Cache-Control': 'no-store',
+ 'Pragma': 'no-cache',
+ }
request = Request(uri, http_method, body, headers)
try:
self.validate_introspect_request(request)
log.debug('Token introspect valid for %r.', request)
except OAuth2Error as e:
log.debug('Client error during validation of %r. %r.', request, e)
- return e.headers, e.json, e.status_code
+ headers.update(e.headers)
+ return headers, e.json, e.status_code
claims = self.request_validator.introspect_token(
request.token,
request.token_type_hint,
request
)
- headers = {
- 'Content-Type': 'application/json',
- 'Cache-Control': 'no-store',
- 'Pragma': 'no-cache',
- }
if claims is None:
return headers, json.dumps(dict(active=False)), 200
if "active" in claims:
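Review bot: The added `headers = {...}` rebinds the method's `headers` parameter before `request = Request(uri, http_method, body, headers)` runs, so the Request is now built from the response headers instead of the caller's request headers (the tests call `create_introspect_response(self.uri, headers=self.headers, ...)`, which confirms `headers` is the request-header argument). Anything the validator reads from `request.headers` — typically the client's `Authorization` header during client authentication — never arrives; the observable effect depends on the validator and should be confirmed against it, but at minimum clients authenticating via headers would break. Construct the Request first and only then assign the response dict, or name the dict `resp_headers` and use that in `resp_headers.update(e.headers)` and the `return` lines. create_introspect_response begins and ends outside this hunk.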
diff --git a/oauthlib/oauth2/rfc6749/endpoints/revocation.py b/oauthlib/oauth2/rfc6749/endpoints/revocation.py
index 6c59a1e..f7e591d 100644
--- a/oauthlib/oauth2/rfc6749/endpoints/revocation.py
+++ b/oauthlib/oauth2/rfc6749/endpoints/revocation.py
@@ -59,6 +59,11 @@ class RevocationEndpoint(BaseEndpoint):
An invalid token type hint value is ignored by the authorization server
and does not influence the revocation response.
"""
+ headers = {
+ 'Content-Type': 'application/json',
+ 'Cache-Control': 'no-store',
+ 'Pragma': 'no-cache',
+ }
request = Request(
uri, http_method=http_method, body=body, headers=headers)
try:
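Review bot: The new `headers = {...}` shadows the `headers` parameter just before `request = Request(uri, http_method=http_method, body=body, headers=headers)`, so the revocation Request carries the three response headers rather than whatever the caller sent (the tests pass `headers=self.headers` as the request headers, so the parameter is being overwritten here). Any header-based client authentication the validator performs on this request presumably stops seeing its input; confirm against the validator, but the rebinding itself is visible on these lines. Move the `Request(...)` construction above the dict literal, or rename the dict to `resp_headers` and update the later `update`/`return` lines accordingly. create_revocation_response starts and ends outside this hunk.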
@@ -69,7 +74,8 @@ class RevocationEndpoint(BaseEndpoint):
response_body = e.json
if self.enable_jsonp and request.callback:
response_body = '%s(%s);' % (request.callback, response_body)
- return e.headers, response_body, e.status_code
+ headers.update(e.headers)
+ return headers, response_body, e.status_code
self.request_validator.revoke_token(request.token,
request.token_type_hint, request)
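Review bot: When `self.enable_jsonp and request.callback` holds, the body returned two lines later is `callback(json);`, a JavaScript statement, yet the dict merged by `headers.update(e.headers)` still declares `Content-Type: application/json`. Set the type to match the body in that branch, e.g. `headers['Content-Type'] = 'application/javascript'`, and apply the same wherever the success path of create_revocation_response (which continues past this hunk) emits a JSONP body. Since `request.callback` is interpolated verbatim into the response, it is also worth confirming elsewhere that it is restricted to a bare identifier; that validation is not visible here.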
diff --git a/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py b/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py
index e41b83f..f92652b 100644
--- a/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py
+++ b/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py
@@ -86,7 +86,12 @@ class IntrospectEndpointTest(TestCase):
('token_type_hint', 'access_token')])
h, b, s = self.endpoint.create_introspect_response(self.uri,
headers=self.headers, body=body)
- self.assertEqual(h, {"WWW-Authenticate": 'Bearer, error="invalid_client"'})
+ self.assertEqual(h, {
+ 'Content-Type': 'application/json',
+ 'Cache-Control': 'no-store',
+ 'Pragma': 'no-cache',
+ "WWW-Authenticate": 'Bearer, error="invalid_client"'
+ })
self.assertEqual(loads(b)['error'], 'invalid_client')
self.assertEqual(s, 401)
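Review bot: The expected header dict is written out literally here and again in the next hunk, even though the third hunk reads `self.resp_h`, which presumably is already defined in setUp; a literal copy will silently drift if the endpoint's default headers change. Derive the expectation from the fixture instead: `expected = dict(self.resp_h, **{"WWW-Authenticate": 'Bearer, error="invalid_client"'})` followed by `self.assertEqual(h, expected)`. The enclosing test method starts outside this hunk.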
@@ -109,7 +114,12 @@ class IntrospectEndpointTest(TestCase):
('token_type_hint', 'access_token')])
h, b, s = self.endpoint.create_introspect_response(self.uri,
headers=self.headers, body=body)
- self.assertEqual(h, {"WWW-Authenticate": 'Bearer, error="invalid_client"'})
+ self.assertEqual(h, {
+ 'Content-Type': 'application/json',
+ 'Cache-Control': 'no-store',
+ 'Pragma': 'no-cache',
+ "WWW-Authenticate": 'Bearer, error="invalid_client"'
+ })
self.assertEqual(loads(b)['error'], 'invalid_client')
self.assertEqual(s, 401)
@@ -121,12 +131,12 @@ class IntrospectEndpointTest(TestCase):
('token_type_hint', 'refresh_token')])
h, b, s = endpoint.create_introspect_response(self.uri,
headers=self.headers, body=body)
- self.assertEqual(h, {})
+ self.assertEqual(h, self.resp_h)
self.assertEqual(loads(b)['error'], 'unsupported_token_type')
self.assertEqual(s, 400)
h, b, s = endpoint.create_introspect_response(self.uri,
headers=self.headers, body='')
- self.assertEqual(h, {})
+ self.assertEqual(h, self.resp_h)
self.assertEqual(loads(b)['error'], 'invalid_request')
self.assertEqual(s, 400)
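Review bot: None of the assertions in this hunk check that the `headers` argument passed to the endpoint still reaches the validator, which is exactly what the introspect.py hunk puts at risk by rebinding `headers` before constructing the Request. A test that passes a distinctive request header (for example `Authorization`) and asserts that the Request handed to the validator mock still carries it would pin that contract; the mocks are set up outside this hunk, so the exact assertion depends on how they are constructed.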
diff --git a/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py b/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py
index a6a5cb2..2a24177 100644
--- a/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py
+++ b/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py
@@ -24,6 +24,11 @@ class RevocationEndpointTest(TestCase):
self.headers = {
'Content-Type': 'application/x-www-form-urlencoded',
}
+ self.resp_h = {
+ 'Cache-Control': 'no-store',
+ 'Content-Type': 'application/json',
+ 'Pragma': 'no-cache'
+ }
def test_revoke_token(self):
for token_type in ('access_token', 'refresh_token', 'invalid'):
@@ -49,7 +54,12 @@ class RevocationEndpointTest(TestCase):
('token_type_hint', 'access_token')])
h, b, s = self.endpoint.create_revocation_response(self.uri,
headers=self.headers, body=body)
- self.assertEqual(h, {"WWW-Authenticate": 'Bearer, error="invalid_client"'})
+ self.assertEqual(h, {
+ 'Content-Type': 'application/json',
+ 'Cache-Control': 'no-store',
+ 'Pragma': 'no-cache',
+ "WWW-Authenticate": 'Bearer, error="invalid_client"'
+ })
self.assertEqual(loads(b)['error'], 'invalid_client')
self.assertEqual(s, 401)
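Review bot: This hunk and the following one spell out the default response headers by hand even though the same commit adds `self.resp_h` to setUp for exactly this purpose; the duplicated literals are the ones that will go stale first. Build the expectation from the fixture: `expected = dict(self.resp_h, **{"WWW-Authenticate": 'Bearer, error="invalid_client"'})` then `self.assertEqual(h, expected)`. The enclosing test method starts outside this hunk.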
@@ -72,7 +82,12 @@ class RevocationEndpointTest(TestCase):
('token_type_hint', 'access_token')])
h, b, s = self.endpoint.create_revocation_response(self.uri,
headers=self.headers, body=body)
- self.assertEqual(h, {"WWW-Authenticate": 'Bearer, error="invalid_client"'})
+ self.assertEqual(h, {
+ 'Content-Type': 'application/json',
+ 'Cache-Control': 'no-store',
+ 'Pragma': 'no-cache',
+ "WWW-Authenticate": 'Bearer, error="invalid_client"'
+ })
self.assertEqual(loads(b)['error'], 'invalid_client')
self.assertEqual(s, 401)
@@ -96,12 +111,12 @@ class RevocationEndpointTest(TestCase):
('token_type_hint', 'refresh_token')])
h, b, s = endpoint.create_revocation_response(self.uri,
headers=self.headers, body=body)
- self.assertEqual(h, {})
+ self.assertEqual(h, self.resp_h)
self.assertEqual(loads(b)['error'], 'unsupported_token_type')
self.assertEqual(s, 400)
h, b, s = endpoint.create_revocation_response(self.uri,
headers=self.headers, body='')
- self.assertEqual(h, {})
+ self.assertEqual(h, self.resp_h)
self.assertEqual(loads(b)['error'], 'invalid_request')
self.assertEqual(s, 400)