Fix InvalidCrossOriginRequest response

When requesting files like `/hackattempt.js`, the pages controller was
responding with 404 status code.

However, since the request was considered a JavaScript request (because
of the `.js` extension), the response was also considered to be a
JavaScript one, and since the request wasn't an AJAX request, our
protection from forgery was preventing a potential security issue by
raising an InvalidCrossOriginRequest exception.

By setting HTML as content type, we correctly respond with a 404 status
code.

More info:

https://die-antwort.eu/techblog/2018-08-avoid-invalid-cross-origin-request-with-catch-all-route/

app/controllers/pages_controller.rb

@@ -15,6 +15,6 @@ class PagesController < ApplicationController
       render action: params[:id]
     end
   rescue ActionView::MissingTemplate
-    head 404
+    head 404, content_type: "text/html"
   end
 end

spec/controllers/pages_controller_spec.rb

@@ -42,6 +42,11 @@ describe PagesController do
       get :show, params: { id: "nonExistentPage" }
       expect(response).to be_missing
     end
+
+    it "returns a 404 message for a JavaScript request" do
+      get :show, params: { id: "nonExistentJavaScript.js" }
+      expect(response).to be_missing
+    end
   end
 
 end