[BUGFIX] Correct clickjacking header in backend
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Middleware / AdditionalResponseHeaders.php
index e5638a7..00cc568 100644 (file)
@@ -37,8 +37,9 @@ class AdditionalResponseHeaders implements MiddlewareInterface
     public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
     {
         $response = $handler->handle($request);
-        foreach ($GLOBALS['TYPO3_CONF_VARS']['BE']['HTTP']['Response']['Headers'] ?? [] as $header => $value) {
-            $response = $response->withAddedHeader($header, $value);
+        foreach ($GLOBALS['TYPO3_CONF_VARS']['BE']['HTTP']['Response']['Headers'] ?? [] as $header) {
+            [$headerName, $value] = explode(':', $header, 2);
+            $response = $response->withAddedHeader($headerName, trim($value));
         }
         return $response;
     }