From db9765b4d598c89f98d963ca302a2a516ccf2076 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Thu, 4 Dec 2014 14:45:15 +0100
Subject: [PATCH 1/2] Merge headers

Otherwise the headers from `JSONResponse` are gone and the Content-Type of the response would be `text/html` instead of `application/json; charset=utf-8`. This leads to broken scripts since we set the `nosniff` tag, furthermore this is very bad from a security PoV.
---
 lib/public/appframework/controller.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/public/appframework/controller.php b/lib/public/appframework/controller.php
index 398304e6fe..00981df05b 100644
--- a/lib/public/appframework/controller.php
+++ b/lib/public/appframework/controller.php
@@ -70,7 +70,7 @@ abstract class Controller {
 $data->getData(),
 $data->getStatus()
 );
- $response->setHeaders($data->getHeaders());
+ $response->setHeaders(array_merge($data->getHeaders(), $response->getHeaders()));
 return $response;
 } else {
 return new JSONResponse($data);
From d2e8358da22aa4d7ecfae4a062a82f554845f42a Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Thu, 4 Dec 2014 15:54:32 +0100
Subject: [PATCH 2/2] Fix unit test

---
 tests/lib/appframework/controller/ControllerTest.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/lib/appframework/controller/ControllerTest.php b/tests/lib/appframework/controller/ControllerTest.php
index d186651dc2..18d47d00f6 100644
--- a/tests/lib/appframework/controller/ControllerTest.php
+++ b/tests/lib/appframework/controller/ControllerTest.php
@@ -173,7 +173,8 @@ class ControllerTest extends \Test\TestCase {
 public function testFormatDataResponseJSON() {
 $expectedHeaders = array(
 'test' => 'something',
- 'Cache-Control' => 'no-cache, must-revalidate'
+ 'Cache-Control' => 'no-cache, must-revalidate',
+ 'Content-Type' => 'application/json; charset=utf-8'
 );
 $response = $this->controller->customDataResponse(array('hi'));
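Review bot: In `lib/public/appframework/controller.php`, the new `array_merge($data->getHeaders(), $response->getHeaders())` relies on argument order and exact key spelling to keep `Content-Type` as JSON, and neither is documented at the call. Because the `JSONResponse` headers come second they win on every colliding key, so any other header the two responses share (the test in patch 2 shows `Cache-Control`) is presumably reset to the `JSONResponse` value even if the controller changed it on the `DataResponse`. `array_merge` also compares string keys case-sensitively, so a `DataResponse` header spelled `content-type` would survive next to the JSON one. I would add `// JSONResponse headers last: Content-Type must stay application/json because nosniff is set; keys are case-sensitive` above the call, and consider overriding only `Content-Type` rather than every shared key. The enclosing function starts and ends outside the hunk.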
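Review bot: In `tests/lib/appframework/controller/ControllerTest.php`, `testFormatDataResponseJSON` only checks that `Content-Type` appears in the merged headers; as far as the hunk shows it never gives the `DataResponse` a conflicting value, so the precedence that patch 1 depends on is not pinned. A regression case that sets a different type on the data response before it is formatted, e.g. `$response->addHeader('Content-Type', 'text/html');`, and still expects `application/json; charset=utf-8` would catch a later reordering of the `array_merge` arguments. The test body continues outside the hunk, so this may already be covered further down.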