From bcdbc49aa870841f136d086b36747dd5e6f3beef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Thu, 25 Sep 2025 10:04:26 +0200
Subject: [PATCH] fix headerow

---
 app.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/app.py b/app.py
index 32fd272..b0ae4f8 100644
--- a/app.py
+++ b/app.py
@@ -1417,30 +1417,38 @@ def require_system_password():
 
 @app.after_request
 def apply_headers(response):
-
     if request.path == "/expenses_data":
         response.headers["Cache-Control"] = "no-cache, no-store, must-revalidate"
         response.headers["Pragma"] = "no-cache"
         response.headers["Expires"] = "0"
         return response
 
+    # --- statyczne pliki ---
     if request.path.startswith(("/static/", "/uploads/")):
         response.headers["Vary"] = "Accept-Encoding"
         return response
 
+    # --- redirecty ---
     if response.status_code in (301, 302, 303, 307, 308):
         response.headers["Cache-Control"] = "no-store"
         response.headers.pop("Vary", None)
         return response
 
+    # --- błędy 4xx ---
     if 400 <= response.status_code < 500:
         response.headers["Cache-Control"] = "no-store"
-        response.headers["Content-Type"] = "text/html; charset=utf-8"
+        ct = (response.headers.get("Content-Type") or "").lower()
+        if "application/json" not in ct:
+            response.headers["Content-Type"] = "text/html; charset=utf-8"
+
         response.headers.pop("Vary", None)
 
+    # --- błędy 5xx ---
     elif 500 <= response.status_code < 600:
         response.headers["Cache-Control"] = "no-store"
-        response.headers["Content-Type"] = "text/html; charset=utf-8"
+        ct = (response.headers.get("Content-Type") or "").lower()
+        if "application/json" not in ct:
+            response.headers["Content-Type"] = "text/html; charset=utf-8"
         response.headers["Retry-After"] = "120"
         response.headers.pop("Vary", None)