Skip to content

Slice actions don't inherit default headers #499

@madleech

Description

@madleech

Describe the bug

Hanami apps using slices don't seem to return CSP headers, while plain Hanami apps do.

To Reproduce

Apologies if I'm not setting up the slice correctly in my repro but AFAICT this is how slices scaffolded by Hanami do it:

require "hanami"

module MyTestApplication
  class App < Hanami::App
  end

  class Action < Hanami::Action
  end
end

module MyTestSlice
  class Slice < Hanami::Slice
  end

  class Action < Hanami::Action
  end
end

p Class.new(MyTestApplication::Action).new.call({}).headers
# {"X-Frame-Options"=>"DENY", "X-Content-Type-Options"=>"nosniff", "X-XSS-Protection"=>"1; mode=block", "Content-Type"=>"application/octet-stream; charset=utf-8"}

p Class.new(MyTestSlice::Action).new.call({}).headers
# {"Content-Type"=>"application/octet-stream; charset=utf-8"}

Expected behavior

My expectation is that slices would inherit the application-wide default headers? I tried tracing where default_headers for actions are configured but it's not clear to me how config.actions.default_headers at the app level interacts with config.default_headers at the action level. I suspect some dry-magic?

There is no mention of differing behaviour for slices in https://guides.hanamirb.org/v2.3/actions/content-security-policy/

Workaround

I can manually configure the application default headers by adding a configure block in each slice's action class:

module MyTestSlice
  class Slice < Hanami::Slice
  end

  class Action < Hanami::Action
    configure do
      config.default_headers = MyTestApplication::App.config.actions.default_headers
    end
  end
end

My environment

  • Ruby version: ruby 3.3.3
  • OS: MacOS 15.7.3

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions