Merge headers

Otherwise the headers from `JSONResponse` are gone and the Content-Type of the response would be `text/html` instead of `application/json; charset=utf-8`. This leads to broken scripts since we set the `nosniff` tag, furthermore this is very bad from a security PoV.

diff --git a/lib/public/appframework/controller.php b/lib/public/appframework/controller.php
index 398304e6febdbb4db805ad4f423463fd01b72191..00981df05baef9dab0d8f1a4b05f303bef4689ec 100644 (file)
--- a/lib/public/appframework/controller.php
+++ b/lib/public/appframework/controller.php
@@ -70,7 +70,7 @@ abstract class Controller {
                                                $data->getData(),
                                                $data->getStatus()
                                        );
-                                       $response->setHeaders($data->getHeaders());
+                                       $response->setHeaders(array_merge($data->getHeaders(), $response->getHeaders()));
                                        return $response;
                                } else {
                                        return new JSONResponse($data);