lib/rails/auth/error_page/debug_middleware.rb in rails-auth-0.5.1 vs lib/rails/auth/error_page/debug_middleware.rb in rails-auth-0.5.2
@@ -12,9 +12,10 @@
class DebugMiddleware
# Configure CSP to disable JavaScript, but allow inline CSS
# This is just in case someone pulls off reflective XSS, but hopefully all values are
# properly escaped on the page so that won't happen.
RESPONSE_HEADERS = {
+ "Content-Type" => "text/html",
"Content-Security-Policy" =>
"default-src 'self'; " \
"script-src 'none'; " \
"style-src 'unsafe-inline'"
}.freeze
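Review bot: The new `"Content-Type" => "text/html"` entry in RESPONSE_HEADERS declares no charset, so the browser is left to guess the encoding of a page that, per the comment above the hash, echoes values an attacker may influence. Pinning it, e.g. `"Content-Type" => "text/html; charset=utf-8",` (assuming the error template is rendered as UTF-8), removes that ambiguity, and adding `"X-Content-Type-Options" => "nosniff",` next to it keeps the declared type from being second-guessed. Separately, `default-src 'self'` does not cover `frame-ancestors`, `base-uri` or `form-action`, so an injected `<form>` or `<base>` tag would still be honoured even though scripts are blocked; it is worth considering adding those directives to the policy string. The class body continues outside this hunk, so how these headers are merged into the response is not visible here.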