`secure_headers` breaks `htmx` templates (in development)

[sectore]

Description

v0.8.0 introduced secure_headers middleware for setting secure headers by default (release notes).

It will break generated htmx templates in a way that its inline scripts can't be excecuted (htmx.defineExtension in this case). Same issue by referencing to static files, e.g. <script src="/static/example.js"></script>, which won't be executed.

BTW: A similar issue is mentioned by @martinjanda in issuecomment-2331363053

To Reproduce

• Check cli version

  loco -V
  loco-cli 0.2.8

• Create new app

  ❯ loco new 
  ✔ ❯ App name? · loco_htmx_app
  ✔ ❯ What would you like to build? · SaaS app (with DB and user auth)
  ✔ ❯ Select a DB Provider · Postgres
  ✔ ❯ Select your background worker type · Async
  ✔ ❯ Select an asset serving configuration · Serverside

• Run postgres

docker run -d -p 5432:5432 \
  -e POSTGRES_USER=loco \
  -e POSTGRES_DB=loco_htmx_app_development \
  -e POSTGRES_PASSWORD="loco" \
  postgres:15.3-alpine

• cd into project and scaffold movies

cargo loco generate scaffold movies name:string star:int active:bool --kind htmx

• Run app

cargo loco start

• Open http://localhost:5150/movies/new to add a new movie.

• Error:

  2024-09-13T09:40:58.758542Z ERROR http-request: loco_rs::controller: controller_error error.msg=Expected request with `Content-Type: application/json` error.details=JsonRejection(MissingJsonContentType(MissingJsonContentType)) http.method=POST http.uri=/movies http.version=HTTP/1.1 http.user_agent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0 environment=development request_id=8ae5952e-96ac-40c1-93ef-b9174a07c5db

Expected Behavior

Sending data as Content-Type: application/json.

Possible fix

In config/development.yaml:

    secure_headers:
      preset: empty # instead of github

[kaplanelad]

Thanks for reporting this issue. fixed in https://github.com/loco-rs/loco/pull/737/commits/ef96e97ccc253626e00643ff8aae7f8ffc74e19f and release in the next Loco version