Fix 400 error on Lighthouse access_token requests (#25703)

The net-http gem v0.7.0 removed automatic Content-Type header defaults
for POST requests. This caused access_token requests to the Lighthouse
OAuth endpoint to fail with 400 Bad Request because the server couldn't
parse the form-encoded body without the Content-Type header.

This fix explicitly sets Content-Type: application/x-www-form-urlencoded
on the access_token_connection to ensure compatibility with net-http
v0.7.0+ and proper OAuth token requests.

Root cause: googleauth gem update (298d685) pulled in net-http 0.9.1
which includes the breaking change from v0.7.0.

Adds spec to prevent regression.

Author: acrollet

modules/mobile/app/services/mobile/v0/lighthouse_health/configuration.rb

@@ -36,7 +36,7 @@ def api_url
         # @return Faraday::Connection a Faraday connection instance with the correct middleware
         #
         def access_token_connection
-          Faraday.new(access_token_url) do |conn|
+          Faraday.new(access_token_url, headers: { 'Content-Type' => 'application/x-www-form-urlencoded' }) do |conn|
             conn.use(:breakers, service_name:)
             conn.use Faraday::Response::RaiseError
             conn.response :json, content_type: /\bjson$/

modules/mobile/spec/services/lighthouse_health_configuration_spec.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe Mobile::V0::LighthouseHealth::Configuration do
+  subject(:config) { described_class.instance }
+
+  describe '#access_token_connection' do
+    it 'sets Content-Type header to application/x-www-form-urlencoded' do
+      # This header is required for OAuth token requests.
+      # net-http v0.7.0+ removed automatic Content-Type defaults for POST requests,
+      # so we must explicitly set this header to prevent 400 errors from the OAuth server.
+      connection = config.access_token_connection
+
+      expect(connection.headers['Content-Type']).to eq('application/x-www-form-urlencoded')
+    end
+
+    it 'includes RaiseError middleware for error handling' do
+      connection = config.access_token_connection
+
+      expect(connection.builder.handlers).to include(Faraday::Response::RaiseError)
+    end
+
+    it 'includes breakers middleware for circuit breaking' do
+      connection = config.access_token_connection
+
+      # Breakers middleware is registered as a symbol
+      handler_names = connection.builder.handlers.map do |h|
+        h.name
+      rescue
+        h.to_s
+      end
+      expect(handler_names.join).to include('breakers').or include('Breakers')
+    end
+
+    it 'includes JSON response middleware' do
+      connection = config.access_token_connection
+
+      expect(connection.builder.handlers).to include(Faraday::Response::Json)
+    end
+  end
+
+  describe '#connection' do
+    it 'does not require Content-Type header (used for GET requests with Bearer token)' do
+      connection = config.connection
+
+      # The main connection is used for API requests with Authorization header,
+      # not for token requests, so Content-Type is not required
+      expect(connection.headers['Content-Type']).to be_nil
+    end
+  end
+
+  describe '#service_name' do
+    it 'returns the correct service name for breakers' do
+      expect(config.service_name).to eq('MobileLighthouseHealth')
+    end
+  end
+end