At present if I return

{:status 401 :body [:h1 "no can do"]}

from a handler, it fails during the middleware stuff where it's trying to merge things.

To get around this, I had to make my own function that evaluates the layout manually.

(defn not-authorized [request body]
  (merge
    (template/app-layout {:request request :body body})
    @{
    :status 401
    }))

I think it's safe to say that if the body is a list and not bytes?, and there's no content type header, that the layout middleware can be used.