fix: prioritize headers set by the Response class

[michalsn]

Description
This PR changes the way headers are set. Now headers set by the Response class will be prioritized and will replace those set by calling the header() function.

Why is this important? Without this change, we cannot override the headers set previously with the header() function.

This is relevant, especially when we work with a session. By default, session.cache_limiter is set to nocache, which is fine for the default setting and will automatically set headers:

Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

But we have no option to change these headers, even when we set different Cache-Control etc with the Response class. If we do so, we end up with two entries for Cache-Control, which will possibly lead to unexpected behavior. We also cannot remove the default headers set by session.cache_limiter, because they are set with the header() function directly.

Headers set with the Response class should be prioritized. This is potentially a BC break, but also a bugfix.

Ref: #9234

Checklist:

• Securely signed commits
• Component(s) with PHPDoc blocks, only if necessary or adds value
• Unit testing, with >80% coverage
• User guide updated
• Conforms to style guide

[neznaika0]

Thank you. You've relieved the pain. I fixed this session_cache_limiter("); in app/Common.php

[paulbalandan]

Just a minor grammar fix

[michalsn]

Thanks everyone!

[paulbalandan]

@michalsn does this fix #9234 ?

[michalsn]

Yes.