Log an error when setting a custom header on "Not Modified" responses

Signed-off-by: Joas Schilling <coding@schilljs.com>

diff --git a/lib/public/AppFramework/Http/Response.php b/lib/public/AppFramework/Http/Response.php
index ff6b97f87b1234a13fdf4eff82a56347e25cb632..fc3ee73977377e91857955b9db5693dddee34567 100644 (file)
--- a/lib/public/AppFramework/Http/Response.php
+++ b/lib/public/AppFramework/Http/Response.php
@@ -38,6 +38,8 @@ namespace OCP\AppFramework\Http;
 
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Utility\ITimeFactory;
+use OCP\IConfig;
+use Psr\Log\LoggerInterface;
 
 /**
  * Base class for responses. Also used to just send headers.
@@ -203,6 +205,18 @@ class Response {
                // to be able to reliably check for security
                // headers
 
+               if ($this->status === Http::STATUS_NOT_MODIFIED
+                       && stripos($name, 'x-') === 0) {
+                       /** @var IConfig $config */
+                       $config = \OC::$server->get(IConfig::class);
+
+                       if ($config->getSystemValueBool('debug', false)) {
+                               \OC::$server->get(LoggerInterface::class)->error(
+                                       'Setting a custom header on a 204 or 304 is not supported'
+                               );
+                       }
+               }
+
                if (is_null($value)) {
                        unset($this->headers[$name]);
                } else {