diff options
| author | Joas Schilling <213943+nickvergessen@users.noreply.github.com> | 2023-08-22 16:32:10 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-22 16:32:10 +0200 |
| commit | 613cd16583f4db65edeee3f1de8bd340c0a0c5d9 (patch) | |
| tree | 87d19a4f0aa7db814693d9719194554e9fcdc5c3 | |
| parent | e42d82fe13d49bf5bfc3b42c8c686292f81af1cc (diff) | |
| parent | 381c35080db623f41a32d77db91bad48b2bf659a (diff) | |
| download | nextcloud-server-613cd16583f4db65edeee3f1de8bd340c0a0c5d9.tar.gz nextcloud-server-613cd16583f4db65edeee3f1de8bd340c0a0c5d9.zip | |
Merge pull request #39996 from nextcloud/bugfix/noid/fix-header-regression
fix(middleware): Fix header injection for bruteforce middleware
| -rw-r--r-- | lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php b/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php index 6a943af2a1f..a0b915588ad 100644 --- a/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php +++ b/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php @@ -130,11 +130,7 @@ class BruteForceMiddleware extends Middleware { } if ($this->delaySlept) { - $headers = $response->getHeaders(); - if (!isset($headers['X-Nextcloud-Bruteforce-Throttled'])) { - $headers['X-Nextcloud-Bruteforce-Throttled'] = $this->delaySlept . 'ms'; - $response->setHeaders($headers); - } + $response->addHeader('X-Nextcloud-Bruteforce-Throttled', $this->delaySlept . 'ms'); } return parent::afterController($controller, $methodName, $response); |