From 467dd6af09759cc44ddd00f1a07cc34c67822ed4 Mon Sep 17 00:00:00 2001
From: joel
Date: Wed, 8 May 2024 14:36:42 +0800
Subject: [PATCH 1/2] fix: add additional information around missing content type headers
---
 internal/api/hooks.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/internal/api/hooks.go b/internal/api/hooks.go
index 4efc33512..226cb0c5d 100644
--- a/internal/api/hooks.go
+++ b/internal/api/hooks.go
@@ -140,9 +140,12 @@ func (a *API) runHTTPHook(r *http.Request, hookConfig conf.ExtensibilityPointCon
 defer rsp.Body.Close()
 // Header.Get is case insensitive
 contentType := rsp.Header.Get("Content-Type")
+ if contentType == "" {
+ return nil, internalServerError("Invalid Content-Type: Missing Content-Type header")
+ }
 mediaType, _, err := mime.ParseMediaType(contentType)
 if err != nil {
- return nil, internalServerError("Invalid Content-Type header")
+ return nil, internalServerError(fmt.Sprintf("Invalid Content-Type header: %s", err.Error()))
 }
 if mediaType != "application/json" {
 return nil, internalServerError("Invalid JSON response. Received content-type: " + contentType)
From e6603c79d0eb878001ba11d07057469539daf034 Mon Sep 17 00:00:00 2001
From: joel
Date: Wed, 8 May 2024 14:52:18 +0800
Subject: [PATCH 2/2] fix: perform header check only when there's a 200
---
 internal/api/hooks.go | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/internal/api/hooks.go b/internal/api/hooks.go
index 226cb0c5d..89d2d2fe3 100644
--- a/internal/api/hooks.go
+++ b/internal/api/hooks.go
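Review bot: The rewritten `mime.ParseMediaType` failure branch in PATCH 1/2 puts `err.Error()` into the message given to `internalServerError`, and the following check already appends the raw `contentType` value, so text derived from the hook endpoint's response ends up in the error that `runHTTPHook` returns. If that message is what the API caller receives (the error helper is not visible in this hunk), it exposes details of the hook backend and carries remote-controlled bytes; keeping the message fixed and attaching the cause for logs, e.g. `return nil, internalServerError("Invalid Content-Type header").WithInternalError(err)` (assuming the project's `WithInternalError` helper applies to this error type), keeps the diagnostics without returning them to the caller. If `internalServerError` also treats its first argument as a format string, the `fmt.Sprintf` wrapper is redundant and a `%` in the concatenated header value would be re-interpreted as a verb. The same lines are moved unchanged by the hunk in PATCH 2/2, so the point applies there too. `runHTTPHook` starts and ends outside the hunk.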
@@ -138,21 +138,21 @@ func (a *API) runHTTPHook(r *http.Request, hookConfig conf.ExtensibilityPointCon
 }
 defer rsp.Body.Close()
- // Header.Get is case insensitive
- contentType := rsp.Header.Get("Content-Type")
- if contentType == "" {
- return nil, internalServerError("Invalid Content-Type: Missing Content-Type header")
- }
- mediaType, _, err := mime.ParseMediaType(contentType)
- if err != nil {
- return nil, internalServerError(fmt.Sprintf("Invalid Content-Type header: %s", err.Error()))
- }
- if mediaType != "application/json" {
- return nil, internalServerError("Invalid JSON response. Received content-type: " + contentType)
- }
 switch rsp.StatusCode {
 case http.StatusOK, http.StatusNoContent, http.StatusAccepted:
+ // Header.Get is case insensitive
+ contentType := rsp.Header.Get("Content-Type")
+ if contentType == "" {
+ return nil, internalServerError("Invalid Content-Type: Missing Content-Type header")
+ }
+ mediaType, _, err := mime.ParseMediaType(contentType)
+ if err != nil {
+ return nil, internalServerError(fmt.Sprintf("Invalid Content-Type header: %s", err.Error()))
+ }
+ if mediaType != "application/json" {
+ return nil, internalServerError("Invalid JSON response. Received content-type: " + contentType)
+ }
 if rsp.Body == nil {
 return nil, nil
 }
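Review bot: The moved Content-Type check sits at the top of a case that also matches `http.StatusNoContent` and `http.StatusAccepted`, so it still runs for those statuses and ahead of the `rsp.Body == nil` early return, which does not match the commit title's "only when there's a 200". A 204 reply normally carries no body and no Content-Type header, so it will take the new "Missing Content-Type header" branch and be reported as an internal server error instead of reaching `return nil, nil`. Consider wrapping the three checks in `if rsp.StatusCode == http.StatusOK {`, with a comment such as `// Only a 200 is expected to carry a JSON body; 202/204 may omit Content-Type`. The rest of this case and the other switch arms are outside the hunk, so the intended handling of 202/204 should be confirmed there.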