From a7af45ee3f61032c82b339174ddc9c31c0be2f8c Mon Sep 17 00:00:00 2001
From: Michael Nutt <michael@nuttnet.net>
Date: Thu, 24 Nov 2022 11:07:11 -0500
Subject: [PATCH] fix: Ensure font serving does not reflect userdata-derived
 errors as HTML (#647)

* fix: ensure font serving does not reflect userdata-derived errors as HTML

Signed-off-by: Michael Nutt <michael@nuttnet.net>
---
 package-lock.json     | 4 ++--
 package.json          | 2 +-
 src/serve_data.js     | 5 ++++-
 src/serve_font.js     | 2 +-
 src/serve_rendered.js | 5 ++++-
 5 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 73d821e..c7a0292 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "tileserver-gl",
-  "version": "4.2.0",
+  "version": "4.2.1",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "tileserver-gl",
-      "version": "4.2.0",
+      "version": "4.2.1",
       "license": "BSD-2-Clause",
       "dependencies": {
         "@mapbox/glyph-pbf-composite": "0.0.3",
diff --git a/package.json b/package.json
index 5b47c80..3132a05 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "tileserver-gl",
-  "version": "4.2.0",
+  "version": "4.2.1",
   "description": "Map tile server for JSON GL styles - vector and server side generated raster tiles",
   "main": "src/main.js",
   "bin": "src/main.js",
diff --git a/src/serve_data.js b/src/serve_data.js
index 1c8a70b..e3cb6ca 100644
--- a/src/serve_data.js
+++ b/src/serve_data.js
@@ -54,7 +54,10 @@ export const serve_data = {
             if (/does not exist/.test(err.message)) {
               return res.status(204).send();
             } else {
-              return res.status(500).send(err.message);
+              return res
+                .status(500)
+                .header('Content-Type', 'text/plain')
+                .send(err.message);
             }
           } else {
             if (data == null) {
diff --git a/src/serve_font.js b/src/serve_font.js
index 1c63f01..f03d8f5 100644
--- a/src/serve_font.js
+++ b/src/serve_font.js
@@ -54,7 +54,7 @@ export const serve_font = (options, allowedFonts) => {
         res.header('Last-Modified', lastModified);
         return res.send(concated);
       },
-      (err) => res.status(400).send(err),
+      (err) => res.status(400).header('Content-Type', 'text/plain').send(err),
     );
   });
 
diff --git a/src/serve_rendered.js b/src/serve_rendered.js
index c63cd2f..53cd5d2 100644
--- a/src/serve_rendered.js
+++ b/src/serve_rendered.js
@@ -661,7 +661,10 @@ export const serve_rendered = {
           pool.release(renderer);
           if (err) {
             console.error(err);
-            return res.status(500).send(err);
+            return res
+              .status(500)
+              .header('Content-Type', 'text/plain')
+              .send(err);
           }
 
           // Fix semi-transparent outlines on raw, premultiplied input