From db9765b4d598c89f98d963ca302a2a516ccf2076 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Thu, 4 Dec 2014 14:45:15 +0100 Subject: Merge headers Otherwise the headers from `JSONResponse` are gone and the Content-Type of the response would be `text/html` instead of `application/json; charset=utf-8`. This leads to broken scripts since we set the `nosniff` tag, furthermore this is very bad from a security PoV. --- lib/public/appframework/controller.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/public/appframework/controller.php b/lib/public/appframework/controller.php index 398304e6feb..00981df05ba 100644 --- a/lib/public/appframework/controller.php +++ b/lib/public/appframework/controller.php @@ -70,7 +70,7 @@ abstract class Controller { $data->getData(), $data->getStatus() ); - $response->setHeaders($data->getHeaders()); + $response->setHeaders(array_merge($data->getHeaders(), $response->getHeaders())); return $response; } else { return new JSONResponse($data); -- cgit v1.2.3