Bug #8860
/token endpoint doesn't set a content-type and character encoding
0%
Description
On Firefox only, requests to the /portal/token endpoint (i.e., the one MetacatUI and other clients use to fetch their auth tokens, like https://cn.dataone.org/portal/token) result in errors in the browser console.
When you access the URL via an XHR request, you see:
XML Parsing Error: syntax error
Location: https://cn-stage.test.dataone.org/portal/token
Line Number 1, Column 1:
When you access the URL directly in Firefox:
The character encoding of the plain text document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the file needs to be declared in the transfer protocol or file needs to use a byte order mark as an encoding signature.
I had a hunch that this error would go away if the response simply had the Content-Type header set to text/plain; charset=utf-8 so I spun up mitmproxy, made that edit to the intercepted response, and saw that the error does go away.
I think we should modify the portal code to set the Content-Type header like above so the error goes away.
