Description
Describe the bug
Hanami apps using slices don't seem to return CSP headers, while plain Hanami apps do.
To Reproduce
Apologies if I'm not setting up the slice correctly in my repro but AFAICT this is how slices scaffolded by Hanami do it:
```ruby
require "hanami"

module MyTestApplication
  class App < Hanami::App
  end

  class Action < Hanami::Action
  end
end

module MyTestSlice
  class Slice < Hanami::Slice
  end

  class Action < Hanami::Action
  end
end

p Class.new(MyTestApplication::Action).new.call({}).headers
# {"X-Frame-Options"=>"DENY", "X-Content-Type-Options"=>"nosniff", "X-XSS-Protection"=>"1; mode=block", "Content-Type"=>"application/octet-stream; charset=utf-8"}
p Class.new(MyTestSlice::Action).new.call({}).headers
# {"Content-Type"=>"application/octet-stream; charset=utf-8"}
```
Expected behavior
My expectation is that slices would inherit the application-wide default headers? I tried tracing where default_headers for actions are configured but it's not clear to me how config.actions.default_headers at the app level interacts with config.default_headers at the action level. I suspect some dry-magic?
There is no mention of differing behaviour for slices in https://guides.hanamirb.org/v2.3/actions/content-security-policy/
Workaround
I can manually configure the application default headers by adding a configure block in each slice's action class:
```ruby
module MyTestSlice
  class Slice < Hanami::Slice
  end

  class Action < Hanami::Action
    configure do
      config.default_headers = MyTestApplication::App.config.actions.default_headers
    end
  end
end
```
My environment
- Ruby version: ruby 3.3.3
- OS: MacOS 15.7.3
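
A regression check along these lines can catch a slice action that silently drops the app-wide default headers. This is an added example, not code from the issue or from Hanami: it compares plain header hashes (sample data constructed from the output quoted above), and the helper names `normalize`, `header_gaps` and `audit` are hypothetical.

```ruby
# Added example: audit the response headers of each base action against the
# app-wide defaults. Works on plain Hash objects; no Hanami API is assumed.

# Constructed from the output quoted in the issue.
APP_DEFAULTS = {
  "X-Frame-Options" => "DENY",
  "X-Content-Type-Options" => "nosniff",
  "X-XSS-Protection" => "1; mode=block"
}.freeze

RESPONSES = {
  "MyTestApplication::Action" => {
    "X-Frame-Options" => "DENY",
    "X-Content-Type-Options" => "nosniff",
    "X-XSS-Protection" => "1; mode=block",
    "Content-Type" => "application/octet-stream; charset=utf-8"
  },
  "MyTestSlice::Action" => {
    "Content-Type" => "application/octet-stream; charset=utf-8"
  }
}.freeze

# Header names are case-insensitive, so normalise before comparing.
def normalize(headers)
  headers.each_with_object({}) { |(k, v), h| h[k.to_s.downcase] = v.to_s.strip }
end

# Returns { header_name => :missing | :mismatch } for one response.
def header_gaps(expected, actual)
  seen = normalize(actual)
  normalize(expected).each_with_object({}) do |(name, value), gaps|
    if !seen.key?(name)
      gaps[name] = :missing
    elsif seen[name] != value
      gaps[name] = :mismatch
    end
  end
end

# Returns only the actions that have gaps, keyed by action name.
def audit(expected, responses)
  responses.each_with_object({}) do |(action, headers), report|
    gaps = header_gaps(expected, headers)
    report[action] = gaps unless gaps.empty?
  end
end
```

In a real suite, the `RESPONSES` hash would be filled from the headers each slice's base action actually returns, so a newly added slice without the workaround fails the check.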