fix(middleware): Fix header injection for bruteforce middleware

Calling setHeaders(getHeaders()) breaks the CSP nonce for unknown reasons So shifting back to old standard practise for now Signed-off-by: Joas Schilling <coding@schilljs.com>
author: Joas Schilling <coding@schilljs.com> 2023-08-22 16:00:39 +0200
committer: Joas Schilling <coding@schilljs.com> 2023-08-22 16:00:39 +0200
commit: 381c35080db623f41a32d77db91bad48b2bf659a (patch)
tree: 87d19a4f0aa7db814693d9719194554e9fcdc5c3 /lib
parent: e42d82fe13d49bf5bfc3b42c8c686292f81af1cc (diff)
download: nextcloud-server-381c35080db623f41a32d77db91bad48b2bf659a.tar.gz
nextcloud-server-381c35080db623f41a32d77db91bad48b2bf659a.zip
1 files changed, 1 insertions, 5 deletions
diff --git a/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php b/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
index 6a943af2a1f..a0b915588ad 100644
--- a/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
@@ -130,11 +130,7 @@ class BruteForceMiddleware extends Middleware {
 		}
 
 		if ($this->delaySlept) {
-			$headers = $response->getHeaders();
-			if (!isset($headers['X-Nextcloud-Bruteforce-Throttled'])) {
-				$headers['X-Nextcloud-Bruteforce-Throttled'] = $this->delaySlept . 'ms';
-				$response->setHeaders($headers);
-			}
+			$response->addHeader('X-Nextcloud-Bruteforce-Throttled', $this->delaySlept . 'ms');
 		}
 
 		return parent::afterController($controller, $methodName, $response);
author	Joas Schilling <coding@schilljs.com>	2023-08-22 16:00:39 +0200
committer	Joas Schilling <coding@schilljs.com>	2023-08-22 16:00:39 +0200
commit	381c35080db623f41a32d77db91bad48b2bf659a (patch)
tree	87d19a4f0aa7db814693d9719194554e9fcdc5c3 /lib
parent	e42d82fe13d49bf5bfc3b42c8c686292f81af1cc (diff)
download	nextcloud-server-381c35080db623f41a32d77db91bad48b2bf659a.tar.gz nextcloud-server-381c35080db623f41a32d77db91bad48b2bf659a.zip