From 648696f7789a3086a99007f22ac770c92a9861bc Mon Sep 17 00:00:00 2001
From: Alejandro Celaya <alejandrocelaya@gmail.com>
Date: Thu, 16 Oct 2025 10:08:24 +0200
Subject: [PATCH] Fix issue reported by phpstan in CrossDomainMiddleware

---
 module/Rest/src/Middleware/CrossDomainMiddleware.php | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/module/Rest/src/Middleware/CrossDomainMiddleware.php b/module/Rest/src/Middleware/CrossDomainMiddleware.php
index e54c07a7..69801fe9 100644
--- a/module/Rest/src/Middleware/CrossDomainMiddleware.php
+++ b/module/Rest/src/Middleware/CrossDomainMiddleware.php
@@ -39,12 +39,10 @@ readonly class CrossDomainMiddleware implements MiddlewareInterface, RequestMeth
     private function addOptionsHeaders(ServerRequestInterface $request, ResponseInterface $response): ResponseInterface
     {
         // Options requests should always be empty and have a 204 status code
-        return EmptyResponse::withHeaders([
-            ...$response->getHeaders(),
-            'Access-Control-Allow-Methods' => $this->resolveCorsAllowedMethods($response),
-            'Access-Control-Allow-Headers' => $request->getHeaderLine('Access-Control-Request-Headers'),
-            'Access-Control-Max-Age' => $this->options->maxAge,
-        ]);
+        return EmptyResponse::withHeaders($response->getHeaders())
+            ->withHeader('Access-Control-Allow-Methods', $this->resolveCorsAllowedMethods($response))
+            ->withHeader('Access-Control-Allow-Headers', $request->getHeaderLine('Access-Control-Request-Headers'))
+            ->withHeader('Access-Control-Max-Age', (string) $this->options->maxAge);
     }
 
     private function resolveCorsAllowedMethods(ResponseInterface $response): string