summaryrefslogtreecommitdiffstats
path: root/lib/public/appframework/controller.php
diff options
context:
space:
mode:
authorLukas Reschke <lukas@owncloud.com>2014-12-04 14:45:15 +0100
committerLukas Reschke <lukas@owncloud.com>2014-12-04 14:45:15 +0100
commitdb9765b4d598c89f98d963ca302a2a516ccf2076 (patch)
tree4a449abf4a83927edce0997baec2c961acd6aafa /lib/public/appframework/controller.php
parente9f0b3002367e34f240405051d842102e01e73c3 (diff)
downloadnextcloud-server-db9765b4d598c89f98d963ca302a2a516ccf2076.tar.gz
nextcloud-server-db9765b4d598c89f98d963ca302a2a516ccf2076.zip
Merge headers
Otherwise the headers from `JSONResponse` are gone and the Content-Type of the response would be `text/html` instead of `application/json; charset=utf-8`. This leads to broken scripts since we set the `nosniff` tag, furthermore this is very bad from a security PoV.
Diffstat (limited to 'lib/public/appframework/controller.php')
-rw-r--r--lib/public/appframework/controller.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/public/appframework/controller.php b/lib/public/appframework/controller.php
index 398304e6feb..00981df05ba 100644
--- a/lib/public/appframework/controller.php
+++ b/lib/public/appframework/controller.php
@@ -70,7 +70,7 @@ abstract class Controller {
$data->getData(),
$data->getStatus()
);
- $response->setHeaders($data->getHeaders());
+ $response->setHeaders(array_merge($data->getHeaders(), $response->getHeaders()));
return $response;
} else {
return new JSONResponse($data);