Correct spelling, always set header

internal/webserver/authenticators/pam.go

@@ -118,9 +118,7 @@ func (t *Pam) AuthorisationAPI(w http.ResponseWriter, r *http.Request) {
 	challenge, err := user.Authenticate(clientTunnelIp.String(), t.Type(), t.AuthoriseFunc(w, r))
 
 	msg, status := resultMessage(err)
-	if err != nil {
-		w.Header().Set("WAG-CHALLENGE", challenge)
-	}
+	w.Header().Set("WAG-CHALLENGE", challenge)
 
 	jsonResponse(w, msg, status)
 

internal/webserver/authenticators/totp.go

@@ -176,9 +176,7 @@ func (t *Totp) AuthorisationAPI(w http.ResponseWriter, r *http.Request) {
 	}
 
 	challenge, err := user.Authenticate(clientTunnelIp.String(), t.Type(), t.AuthoriseFunc(w, r))
-	if err != nil {
-		w.Header().Set("WAG-CHALLENGE", challenge)
-	}
+	w.Header().Set("WAG-CHALLENGE", challenge)
 
 	msg, status := resultMessage(err)
 	jsonResponse(w, msg, status)

internal/webserver/authenticators/webauthn.go

@@ -156,13 +156,9 @@ func (wa *Webauthn) RegistrationAPI(w http.ResponseWriter, r *http.Request) {
 
 				return nil
 			})
+		w.Header().Set("WAG-CHALLENGE", challenge)
 
 		msg, status := resultMessage(err)
-
-		if err != nil {
-			w.Header().Set("WAG-CHALLENGE", challenge)
-		}
-
 		jsonResponse(w, msg, status) // Send back an error message before we do the server side of handling it
 
 		if err != nil {

internal/webserver/resources/static/js/challenge.js

@@ -3,7 +3,7 @@ const httpsEnabled = window.location.protocol == "https:";
 const url = (httpsEnabled ? 'wss://' : 'ws://') + window.location.host + "/challenge/";
 
 
-let challenge = localStorage.getItem("challange");
+let challenge = localStorage.getItem("challenge");
 if (challenge === null) {
     // oidc sets the challenge via cookie
     challenge = getCookie("challenge");