handle($request); if ($response->hasHeader('Content-Disposition')) { return $response; } else { // TODO: This belongs more to CorsMiddleware, but that handles currently OPTIONS (CORS preflight) requests... $response = $response->withHeader('Access-Control-Allow-Origin', '*'); $response = $response->withHeader('Content-Type', 'application/json'); return $response; } } }