italia/daf-dataportal-public

(Security) Force Content-type to application/json in app behind AutocompleteDataset.js

Closed this issue · 1 comment

I've noticed the following:
https://github.com/italia/daf-publicdata/blob/606b0cb10103bb697edb9018a151665e6125efea/src/components/Autocomplete/AutocompleteDataset.js#L49

Unless I'm missing something here, and based on RFC-4627, all JSON responses there should use the application/json Content-type.

We should avoid by any means that JSON responses can be exploited (e.g. XSS) by overriding Array constructors or if hostile values are not JavaScript string-escaped.

It seems to me that the app currently answers application/json for the GET method, as expected. Will be keeping this open as a placeholder for checking it further once deployed, just to be sure.
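As an added example (not code from daf-dataportal-public or the linked AutocompleteDataset.js), a client-side guard that parses a response as JSON only when the server actually declares `application/json`; the fake response and the `/datasets` URL are constructed here so it runs offline.

```javascript
// Added example, not code from daf-dataportal-public: parse a fetched body
// as JSON only when the server declares Content-Type: application/json, as
// RFC 4627 expects. A body labelled text/html is refused, not handed to JSON.parse.

// "Application/JSON; charset=utf-8" -> "application/json"
function mediaType(contentType) {
  if (typeof contentType !== "string") return "";
  return contentType.split(";")[0].trim().toLowerCase();
}

function isJsonContentType(contentType) {
  return mediaType(contentType) === "application/json";
}

// Synchronous core: checks the declared type, then parses the body.
// Throws on a wrong or missing type and on malformed JSON.
function parseJsonResponse(contentType, bodyText) {
  if (!isJsonContentType(contentType)) {
    throw new Error(
      `refusing to parse: Content-Type "${contentType}" is not application/json`
    );
  }
  return JSON.parse(bodyText);
}

// Wrapper for real use; `fetchImpl` is injectable so the check can run offline.
async function fetchJsonStrict(url, fetchImpl = fetch) {
  const res = await fetchImpl(url, { headers: { Accept: "application/json" } });
  return parseJsonResponse(res.headers.get("content-type"), await res.text());
}

// Constructed stand-in for a fetch Response (no network call is made).
function fakeResponse(contentType, body) {
  return {
    headers: { get: (h) => (h.toLowerCase() === "content-type" ? contentType : null) },
    text: async () => body,
  };
}

// True only if the correctly labelled body parses and the html-labelled copy is rejected.
async function checkGuard() {
  const body = '[{"name":"dataset-a"}]';
  const good = fakeResponse("application/json; charset=utf-8", body);
  const parsed = await fetchJsonStrict("/datasets", async () => good);
  const bad = fakeResponse("text/html", body);
  const rejected = await fetchJsonStrict("/datasets", async () => bad)
    .then(() => false, () => true);
  return parsed[0].name === "dataset-a" && rejected;
}
```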

This repo is now deprecated, issue closed.