Plugin Error Response Content-Type header

[MekelCon]

Hello,

Here I talk about consumption of user defined route (not the Admin or Control API).
Using plugins and testing some error cases, I discovered that most of the time the response header is :
Content-Type : text/plain; charset=utf-8
But the effective content is Application/json :

# Header 
Content-Type: text/plain; charset=utf-8
...
# Body looks like json 
{"message":"The consumer_name is forbidden."}

At least this is the case for key-auth plugin, consumer-restriction plugin...

Even if i change my Accept header the content type stay text/plain.

Is it a bug ? Maybe the default content type should be application/json ? or even better take care of the accept header ?

Thank you.

[tzssangglass]

Can you describe it in more detail?

[MekelCon]

Step 1
Create a route with consumer restriction

curl --location --request PUT ".../apisix/admin/routes/content-type" \
--header "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" \
--header "Content-Type: application/json" \
--data-raw "{
    \"methods\": [
        \"GET\"
    ],
    \"plugins\": {
        \"consumer-restriction\": {
            \"whitelist\": [
                \"nobody\"
            ]
        }
    },
    \"uri\": \"/content-type/get\"
}"

Step 2 Try to consume the route without being identified to raise an error
I said i want application/json response :

curl --location --request GET ".../content-type/get" \
--header "Accept: application/json"

Response is :

# http code
401
# body 
{"message":"Missing authentication or identity verification."}
# In headers : 
Content-Type:  text/plain; charset=utf-8

The Content-Type header should be : application/json as it is in fact a Json in response.

This issue is not on "consumer-restriction"plugin only, it also happen for the key-auth plugin when you provide a wrong key, and i guess it is a general plugin behavior.
To my mind it should exist a general common way to respond error from plugin to allow manage right content-type depending the response format.
For example in case of a request like :

curl --location --request GET "..../content-type/get" \
--header "Accept: application/xml"

i expect a response like

# body 
<message>Missing authentication or identity verification.</message>
# In headers : 
Content-Type:  application/xml; charset=utf-8

---

In case of unknow accept or not managed, here we go for text/plain :

--header "Accept: */*"

Response should be something like :

# body 
Missing authentication or identity verification.
# In headers : 
Content-Type:  text/plain; charset=utf-8

[MekelCon]

Issue #8511

[boekkooi-lengoo]

A work around for this is to do something like the following assuming all responses from your API are JSON.

global_rules:
  - id: error_response_json
    plugins:
      response-rewrite:
        _meta:
          filter: [
            [
              "status",
              ">=",
              400
            ]
          ]
        headers:
          set:
            "Content-Type": "application/json; charset=utf-8"