v0.8.0 introduced secure_headers middleware for setting secure headers by default (release notes).
It will break generated htmx templates in a way that its inline scripts can't be excecuted (htmx.defineExtension in this case). Same issue by referencing to static files, e.g. <script src="/static/example.js"></script>, which won't be executed.
❯ loco new
✔ ❯ App name? · loco_htmx_app
✔ ❯ What would you like to build? · SaaS app (with DB and user auth)
✔ ❯ Select a DB Provider · Postgres
✔ ❯ Select your background worker type · Async
✔ ❯ Select an asset serving configuration · Serverside
Description
v0.8.0
introducedsecure_headers middleware
for setting secure headers by default (release notes).It will break generated
htmx
templates in a way that its inline scripts can't be excecuted (htmx.defineExtension
in this case). Same issue by referencing to static files, e.g.<script src="/static/example.js"></script>
, which won't be executed.BTW: A similar issue is mentioned by @martinjanda in issuecomment-2331363053
To Reproduce
Check cli version
Create new app
Run
postgres
cd
into project and scaffoldmovies
Expected Behavior
Sending data as
Content-Type: application/json
.Possible fix
In
config/development.yaml
: