TykTechnologies · sedkis · Jan 22, 2026
diff --git a/gateway/handler_error.go b/gateway/handler_error.go
@@ -39,6 +39,10 @@
 
 var TykErrors = make(map[string]config.TykError)
 
+type responseChainContextKey struct{}
+
+var responseChainContextKeyValue = responseChainContextKey{}
+
 func errorAndStatusCode(errType string) (error, int) {
 	err := TykErrors[errType]
 	return errors.New(err.Message), err.Code
@@ -70,6 +74,46 @@
 	}
 }
 
+func applyResponseWriterHeaderDelta(before, after, target http.Header) {
+	if target == nil {
+		return
+	}
+
+	for key, afterValues := range after {
+		beforeValues, ok := before[key]
+		if !ok || !stringSliceEqual(beforeValues, afterValues) {
+			target[key] = cloneHeaderValues(afterValues)
+		}
+	}
+
+	for key := range before {
+		if _, ok := after[key]; !ok {
+			delete(target, key)
+		}
+	}
+}
+
+func stringSliceEqual(a, b []string) bool {
+	if len(a) != len(b) {
+		return false
+	}
+	for i := range a {
+		if a[i] != b[i] {
+			return false
+		}
+	}
+	return true
+}
+
+func cloneHeaderValues(values []string) []string {
+	if values == nil {
+		return nil
+	}
+	out := make([]string, len(values))
+	copy(out, values)
+	return out
+}
+
 // APIError is generic error object returned if there is something wrong with the request
 type APIError struct {
 	Message htmltemplate.HTML
@@ -110,8 +154,6 @@
 		}
 
 		w.Header().Set(header.ContentType, contentType)
-		response.Header = http.Header{}
-		response.Header.Set(header.ContentType, contentType)
 		templateName := "error_" + strconv.Itoa(errCode) + "." + templateExtension
 
 		// Try to use an error template that matches the HTTP error code and the content type: 500.json, 400.xml, etc.
@@ -128,27 +170,23 @@
 			templateName = defaultTemplateName + "." + defaultTemplateFormat
 			tmpl = e.Gw.templates.Lookup(templateName)
 			w.Header().Set(header.ContentType, defaultContentType)
-			response.Header.Set(header.ContentType, defaultContentType)
-
 		}
 
 		//If the config option is not set or is false, add the header
 		if !e.Spec.GlobalConfig.HideGeneratorHeader {
 			w.Header().Add(header.XGenerator, "tyk.io")
-			response.Header.Add(header.XGenerator, "tyk.io")
 		}
 
 		// Close connections
 		if e.Spec.GlobalConfig.CloseConnections {
 			w.Header().Add(header.Connection, "close")
-			response.Header.Add(header.Connection, "close")
 
 		}
 
+		response.Header = cloneHeader(w.Header())
+
 		// If error is not customized write error in default way
 		if errMsg != errCustomBodyResponse.Error() {
-			w.WriteHeader(errCode)
-			response.StatusCode = errCode
 			var tmplExecutor TemplateExecutor
 			tmplExecutor = tmpl
 
@@ -162,11 +200,52 @@
 				tmplExecutor = rawTmpl
 			}
 
-			var log bytes.Buffer
+			var errBody bytes.Buffer
+
+			tmplExecutor.Execute(&errBody, &apiError)
 
-			rsp := io.MultiWriter(w, &log)
-			tmplExecutor.Execute(rsp, &apiError)
-			response.Body = ioutil.NopCloser(&log)
+			response.StatusCode = errCode
+			response.Body = ioutil.NopCloser(bytes.NewReader(errBody.Bytes()))
+			response.Request = r
+
+			if len(e.Spec.ResponseChain) > 0 && r.Context().Value(responseChainContextKeyValue) != true {
+				writerHeadersBefore := cloneHeader(w.Header())
+
+				setCtxValue(r, responseChainContextKeyValue, true)
+				defer setCtxValue(r, responseChainContextKeyValue, false)
+
+				session := ctxGetSession(r)
+				handled, err := handleResponseChain(e.Spec.ResponseChain, w, response, r, session)
+				if handled {
+					// Custom response hook errors invoke their own ErrorHandler (with analytics).
+					return
+				}
+				if err != nil {
+					e.Logger().Error("Response chain failed! ", err)
+				}
+
+				errCode = response.StatusCode
+				if response.Body != nil {
+					if modifiedBody, err := io.ReadAll(response.Body); err == nil {
+						errBody.Reset()
+						errBody.Write(modifiedBody)
+					}
+					_ = response.Body.Close()
+				}
+
+				applyResponseWriterHeaderDelta(writerHeadersBefore, w.Header(), response.Header)
+
+				for k := range w.Header() {
+					w.Header().Del(k)
+				}
+				copyHeader(w.Header(), response.Header, e.Gw.GetConfig().IgnoreCanonicalMIMEHeaderKey)
+			}
+
+			w.WriteHeader(errCode)
+			response.StatusCode = errCode
+			w.Write(errBody.Bytes())
+			response.ContentLength = int64(errBody.Len())
+			response.Body = ioutil.NopCloser(bytes.NewReader(errBody.Bytes()))
 		}
 	}