diff options
author | Lukas Reschke <lukas@owncloud.com> | 2014-12-04 14:45:15 +0100 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2014-12-04 14:45:15 +0100 |
commit | db9765b4d598c89f98d963ca302a2a516ccf2076 (patch) | |
tree | 4a449abf4a83927edce0997baec2c961acd6aafa /lib/public/appframework/controller.php | |
parent | e9f0b3002367e34f240405051d842102e01e73c3 (diff) | |
download | nextcloud-server-db9765b4d598c89f98d963ca302a2a516ccf2076.tar.gz nextcloud-server-db9765b4d598c89f98d963ca302a2a516ccf2076.zip |
Merge headers
Otherwise the headers from `JSONResponse` are gone and the Content-Type of the response would be `text/html` instead of `application/json; charset=utf-8`. This leads to broken scripts since we set the `nosniff` tag, furthermore this is very bad from a security PoV.
Diffstat (limited to 'lib/public/appframework/controller.php')
-rw-r--r-- | lib/public/appframework/controller.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/public/appframework/controller.php b/lib/public/appframework/controller.php index 398304e6feb..00981df05ba 100644 --- a/lib/public/appframework/controller.php +++ b/lib/public/appframework/controller.php @@ -70,7 +70,7 @@ abstract class Controller { $data->getData(), $data->getStatus() ); - $response->setHeaders($data->getHeaders()); + $response->setHeaders(array_merge($data->getHeaders(), $response->getHeaders())); return $response; } else { return new JSONResponse($data); |