diff --git a/lib/Controller/WopiController.php b/lib/Controller/WopiController.php
index 22de7335..b0cd3def 100755
--- a/lib/Controller/WopiController.php
+++ b/lib/Controller/WopiController.php
@@ -518,7 +518,7 @@ private function getLock(Wopi $wopi): JSONResponse {
 		try {
 			$response = new JSONResponse();
 			$locks = $this->lockManager->getLocks($wopi->getFileid());
-			$existingLock = array_pop($locks);
+			$existingLock = array_shift($locks);
 			$response->addHeader('X-WOPI-Lock', $existingLock->getToken());
 			return $response;
 		} catch (NoLockProviderException|PreConditionNotMetException $e) {
@@ -671,6 +671,16 @@ public function postFile($fileId, $access_token) {
 		$wopiOverride = $this->request->getHeader('X-WOPI-Override');
 
 		if ($this->lockManager->isLockProviderAvailable()) {
+			$locks = $this->lockManager->getLocks($wopi->getFileid());
+			$existingLock = array_shift($locks);
+			$outsideLocked = $existingLock && $existingLock->getOwner() !== 'officeonline';
+			if ($outsideLocked) {
+				$result = new JSONResponse();
+				$result->setStatus(Http::STATUS_CONFLICT);
+				$result->addHeader('X-WOPI-Lock', $existingLock->getToken());
+				$result->addHeader('X-WOPI-LockFailureReason', 'File already locked by ' . $existingLock->getOwner());
+				return $result;
+			}
 			// Currently we do not use the return value of those methods,
 			// as we perform actual WOPI lock token handling through the apps own lock table
 			switch ($wopiOverride) {