Merge pull request #39996 from nextcloud/bugfix/noid/fix-header-regression

fix(middleware): Fix header injection for bruteforce middleware
3 years ago · 613cd16583
1 changed files with 1 additions and 5 deletions
--- a/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
@ -130,11 +130,7 @@ class BruteForceMiddleware extends Middleware {
 		}

 		if ($this->delaySlept) {
-			$headers = $response->getHeaders();
-			if (!isset($headers['X-Nextcloud-Bruteforce-Throttled'])) {
-				$headers['X-Nextcloud-Bruteforce-Throttled'] = $this->delaySlept . 'ms';
-				$response->setHeaders($headers);
-			}
+			$response->addHeader('X-Nextcloud-Bruteforce-Throttled', $this->delaySlept . 'ms');
 		}

 		return parent::afterController($controller, $methodName, $response);