Reply with JSON when html is not accepted like in SecurityMiddleware

Signed-off-by: Joas Schilling <coding@schilljs.com>

index.php

@@ -55,6 +55,18 @@ try {
 		OC_Template::printExceptionErrorPage($ex, 500);
 	}
 } catch (\OC\User\LoginException $ex) {
+	$request = \OC::$server->getRequest();
+	/**
+	 * Routes with the @CORS annotation and other API endpoints should
+	 * not return a webpage, so we only print the error page when html is accepted,
+	 * otherwise we reply with a JSON array like the SecurityMiddleware would do.
+	 */
+	if (stripos($request->getHeader('Accept'),'html') === false) {
+		http_response_code(401);
+		header('Content-Type: application/json; charset=utf-8');
+		echo json_encode(['message' => $ex->getMessage()]);
+		exit();
+	}
 	OC_Template::printErrorPage($ex->getMessage(), $ex->getMessage(), 401);
 } catch (Exception $ex) {
 	\OC::$server->getLogger()->logException($ex, ['app' => 'index']);