call WriteHeader after last change to header map (#542)

* call WriteHeader after last change to header map * fix reader/decryptionReader
2023-04-05 23:30:58 +09:00 · 2023-04-05 23:30:58 +09:00 · a5dacb36a9
parent 3dcbfe2e4d
commit a5dacb36a9
1 changed files with 10 additions and 10 deletions
--- a/server/handlers.go
+++ b/server/handlers.go
@ -1232,16 +1232,8 @@ func (s *Server) getHandler(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("X-Remaining-Downloads", remainingDownloads)
 	w.Header().Set("X-Remaining-Days", remainingDays)

-	if rng != nil && rng.ContentRange() != "" {
-		w.WriteHeader(http.StatusPartialContent)
-	}
-
-	if disposition == "inline" && canContainsXSS(contentType) {
-		reader = io.NopCloser(bluemonday.UGCPolicy().SanitizeReader(reader))
-	}
-
 	password := r.Header.Get("X-Decrypt-Password")
-	decryptionReader, err := attachDecryptionReader(reader, password)
+	reader, err = attachDecryptionReader(reader, password)
 	if err != nil {
 		http.Error(w, "Could not decrypt file", http.StatusInternalServerError)
 		return
@ -1256,7 +1248,15 @@ func (s *Server) getHandler(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Length", strconv.FormatUint(contentLength, 10))
 	w.Header().Set("Vary", "Range, Referer, X-Decrypt-Password")

-	if _, err = io.Copy(w, decryptionReader); err != nil {
+	if rng != nil && rng.ContentRange() != "" {
+		w.WriteHeader(http.StatusPartialContent)
+	}
+
+	if disposition == "inline" && canContainsXSS(contentType) {
+		reader = io.NopCloser(bluemonday.UGCPolicy().SanitizeReader(reader))
+	}
+
+	if _, err = io.Copy(w, reader); err != nil {
 		s.logger.Printf("%s", err.Error())
 		http.Error(w, "Error occurred copying to output stream", http.StatusInternalServerError)
 		return