Add Content-Type and Cache headers to introspect/revocation errors

author: Jonathan Huot <jonathan.huot@thomsonreuters.com> 2018-12-13 10:43:12 +0100
committer: Jonathan Huot <jonathan.huot@thomsonreuters.com> 2018-12-13 10:43:12 +0100
commit: 61458583d83959a37e56c20eb09546aaa63b4829 (patch)
tree: bbd31c8613d2642bc9c3e4ded1323d43ffa3998f /oauthlib/oauth2/rfc6749
parent: a9ec83a40477e6b5b460b6f203607199f5f16779 (diff)
download: oauthlib-61458583d83959a37e56c20eb09546aaa63b4829.tar.gz
2 files changed, 14 insertions, 7 deletions
diff --git a/oauthlib/oauth2/rfc6749/endpoints/introspect.py b/oauthlib/oauth2/rfc6749/endpoints/introspect.py
index 4db1bdc..4a531e4 100644
--- a/oauthlib/oauth2/rfc6749/endpoints/introspect.py
+++ b/oauthlib/oauth2/rfc6749/endpoints/introspect.py
@@ -57,24 +57,25 @@ class IntrospectEndpoint(BaseEndpoint):
         an introspection response indicating the token is not active
         as described in Section 2.2.
         """
+        headers = {
+            'Content-Type': 'application/json',
+            'Cache-Control': 'no-store',
+            'Pragma': 'no-cache',
+        }
         request = Request(uri, http_method, body, headers)
         try:
             self.validate_introspect_request(request)
             log.debug('Token introspect valid for %r.', request)
         except OAuth2Error as e:
             log.debug('Client error during validation of %r. %r.', request, e)
-            return e.headers, e.json, e.status_code
+            headers.update(e.headers)
+            return headers, e.json, e.status_code
 
         claims = self.request_validator.introspect_token(
             request.token,
             request.token_type_hint,
             request
         )
-        headers = {
-            'Content-Type': 'application/json',
-            'Cache-Control': 'no-store',
-            'Pragma': 'no-cache',
-        }
         if claims is None:
             return headers, json.dumps(dict(active=False)), 200
         if "active" in claims:
diff --git a/oauthlib/oauth2/rfc6749/endpoints/revocation.py b/oauthlib/oauth2/rfc6749/endpoints/revocation.py
index 6c59a1e..f7e591d 100644
--- a/oauthlib/oauth2/rfc6749/endpoints/revocation.py
+++ b/oauthlib/oauth2/rfc6749/endpoints/revocation.py
@@ -59,6 +59,11 @@ class RevocationEndpoint(BaseEndpoint):
         An invalid token type hint value is ignored by the authorization server
         and does not influence the revocation response.
         """
+        headers = {
+            'Content-Type': 'application/json',
+            'Cache-Control': 'no-store',
+            'Pragma': 'no-cache',
+        }
         request = Request(
             uri, http_method=http_method, body=body, headers=headers)
         try:
@@ -69,7 +74,8 @@ class RevocationEndpoint(BaseEndpoint):
             response_body = e.json
             if self.enable_jsonp and request.callback:
                 response_body = '%s(%s);' % (request.callback, response_body)
-            return e.headers, response_body, e.status_code
+            headers.update(e.headers)
+            return headers, response_body, e.status_code
 
         self.request_validator.revoke_token(request.token,
                                             request.token_type_hint, request)
author	Jonathan Huot <jonathan.huot@thomsonreuters.com>	2018-12-13 10:43:12 +0100
committer	Jonathan Huot <jonathan.huot@thomsonreuters.com>	2018-12-13 10:43:12 +0100
commit	61458583d83959a37e56c20eb09546aaa63b4829 (patch)
tree	bbd31c8613d2642bc9c3e4ded1323d43ffa3998f /oauthlib/oauth2/rfc6749
parent	a9ec83a40477e6b5b460b6f203607199f5f16779 (diff)
download	oauthlib-61458583d83959a37e56c20eb09546aaa63b4829.tar.gz