From 4a8fdcf8874ebf33533897df2b2b6395ecd9f9fb Mon Sep 17 00:00:00 2001
From: Nanne Baars
Date: Mon, 21 May 2018 19:04:53 +0200
Subject: [PATCH] Fix content-type for login (gives error in console of browser)
---
 .../main/java/org/owasp/webgoat/plugin/JWTVotesEndpoint.java | 3 +++
 webgoat-lessons/jwt/src/main/resources/js/jwt-signing.js | 5 +++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/plugin/JWTVotesEndpoint.java b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/plugin/JWTVotesEndpoint.java
index 48419e096..cf1e512db 100644
--- a/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/plugin/JWTVotesEndpoint.java
+++ b/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/plugin/JWTVotesEndpoint.java
@@ -13,6 +13,7 @@ import org.owasp.webgoat.assignments.AttackResult;
 import org.owasp.webgoat.plugin.votes.Views;
 import org.owasp.webgoat.plugin.votes.Vote;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.converter.json.MappingJacksonValue;
 import org.springframework.web.bind.annotation.*;
@@ -75,10 +76,12 @@ public class JWTVotesEndpoint extends AssignmentEndpoint {
 Cookie cookie = new Cookie("access_token", token);
 response.addCookie(cookie);
 response.setStatus(HttpStatus.OK.value());
+ response.setContentType(MediaType.APPLICATION_JSON_VALUE);
 } else {
 Cookie cookie = new Cookie("access_token", "");
 response.addCookie(cookie);
 response.setStatus(HttpStatus.UNAUTHORIZED.value());
+ response.setContentType(MediaType.APPLICATION_JSON_VALUE);
 }
 }
 
diff --git a/webgoat-lessons/jwt/src/main/resources/js/jwt-signing.js b/webgoat-lessons/jwt/src/main/resources/js/jwt-signing.js
index 55791c32a..4d692d1bf 100644
--- a/webgoat-lessons/jwt/src/main/resources/js/jwt-signing.js
+++ b/webgoat-lessons/jwt/src/main/resources/js/jwt-signing.js
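Review bot: In the second JWTVotesEndpoint.java hunk, both branches of the if/else now end with the same `response.setContentType(MediaType.APPLICATION_JSON_VALUE);`, so the call can be made once after the closing brace of the `else`. Nothing in the visible lines writes a response body, and an empty body is not valid JSON, so a client that parses the reply by its Content-Type may still report an error; writing a minimal JSON object such as `{}` would make the declared type true. The `access_token` cookie is added without `cookie.setHttpOnly(true)` or `cookie.setSecure(true)` in the lines shown; if readable-by-script is a deliberate part of this lesson, a comment like `// cookie intentionally left without HttpOnly/Secure for the exercise` would stop it being copied as a pattern. The method starts above the hunk, so how `token` is built is not visible here.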
@@ -5,8 +5,9 @@ $(document).ready(function () {
 function login(user) {
 $("#name").text(user);
 $.ajax({
- url: 'JWT/votings/login?user=' + user
- }).then(function () {
+ url: 'JWT/votings/login?user=' + user,
+ contentType: "application/json"
+ }).always(function () {
 getVotings();
 })
 }
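Review bot: `contentType: "application/json"` in the `$.ajax` options describes the request body rather than the response, and this request carries only a query string; the option that tells jQuery how to read the reply is `dataType`. Switching `.then` to `.always` makes `getVotings()` run after a failed login too, which looks intended for the 401 branch of the endpoint but also hides network and parse errors, so a comment such as `// refresh the list whether or not login succeeded` would record the intent. `user` is concatenated into the query string unencoded; `data: {user: user}` or `encodeURIComponent(user)` keeps a name containing `&` or `#` from changing the request. The enclosing `$(document).ready` callback continues outside the hunk.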