Problem
A backend project generated with:
vix new blog --template backend
uses middleware App presets in the generated MiddlewareRegistry.cpp:
app.use(vix::middleware::app::security_headers_dev(false));
This helper exists and works correctly, but it is not exposed by the public middleware include:
#include <vix/middleware.hpp>
The project only compiles when the generated file explicitly includes:
#include <vix/middleware/app/adapter.hpp>
#include <vix/middleware/app/presets.hpp>
This creates unnecessary API friction: users of the backend template should not need to know which internal app/ header contains the preset helper.
Diagnosis
The middleware behavior itself is correct.
After including vix/middleware/app/presets.hpp, the generated backend builds and runs correctly.
Verified with:
curl -i http://127.0.0.1:8080/api
curl -i http://127.0.0.1:8080/health
curl -i http://127.0.0.1:8080/api/health
The responses include the expected security headers:
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Referrer-Policy: no-referrer
Permissions-Policy: geolocation=(), microphone=(), camera=()
The /api prefix middleware also works correctly because:
appears on /api and /api/health, but not on /health.
So the issue is not the middleware implementation. The issue is the public include surface.
Expected behavior
This should be enough in generated backend applications:
#include <vix/middleware.hpp>
Then this should compile:
app.use(vix::middleware::app::security_headers_dev(false));
The public middleware header should expose the normal App integration helpers used by generated templates.
Fix
Expose the App integration headers through the middleware public aggregation header.
Add these includes to:
modules/middleware/include/vix/middleware/all.hpp
// app
#include <vix/middleware/app/adapter.hpp>
#include <vix/middleware/app/app_middleware.hpp>
#include <vix/middleware/app/http_cache.hpp>
#include <vix/middleware/app/presets.hpp>
Acceptance criteria
This should compile without manual edits:
vix new blog --template backend
cd blog
vix build
The generated backend should keep using:
#include <vix/middleware.hpp>
and should still compile code such as:
app.use(vix::middleware::app::security_headers_dev(false));
Problem
A backend project generated with:
uses middleware App presets in the generated
MiddlewareRegistry.cpp:app.use(vix::middleware::app::security_headers_dev(false));This helper exists and works correctly, but it is not exposed by the public middleware include:
The project only compiles when the generated file explicitly includes:
This creates unnecessary API friction: users of the backend template should not need to know which internal
app/header contains the preset helper.Diagnosis
The middleware behavior itself is correct.
After including
vix/middleware/app/presets.hpp, the generated backend builds and runs correctly.Verified with:
The responses include the expected security headers:
The
/apiprefix middleware also works correctly because:appears on
/apiand/api/health, but not on/health.So the issue is not the middleware implementation. The issue is the public include surface.
Expected behavior
This should be enough in generated backend applications:
Then this should compile:
app.use(vix::middleware::app::security_headers_dev(false));The public middleware header should expose the normal App integration helpers used by generated templates.
Fix
Expose the App integration headers through the middleware public aggregation header.
Add these includes to:
Acceptance criteria
This should compile without manual edits:
vix new blog --template backend cd blog vix buildThe generated backend should keep using:
and should still compile code such as:
app.use(vix::middleware::app::security_headers_dev(false));