indieauth icon indicating copy to clipboard operation
indieauth copied to clipboard

Published 20 hours ago verified publisher icon indieweb

recommend/require Accept-headers, and show them in examples

Open sknebel opened this issue 7 years ago • 9 comments

Since in-the-wild implementations also sometimes use/default to form-encoded in some places this spec requires JSON responses, it might make sense to state that clients SHOULD/MUST set an Accept: application/json header. Or is the intention to hunt all of them down and change their behavior?

sknebel avatar May 07 '18 20:05 sknebel

Looking at this again, I'm not sure what a good spot for a general note would be.

If you ok it I'd prepare a pull request adding the header to the examples?

sknebel avatar Jul 04 '18 20:07 sknebel

At the very least adding the Accept header to the examples is a good place to start, go for it!

aaronpk avatar Jul 04 '18 20:07 aaronpk

I'm inclined to not add text to the spec that requires or suggests sending the Accept header. Looking back at OAuth 2.0, it doesn't even include the Accept header in the examples, although that spec has always required a JSON response.

Now that it's been a year since this issue was opened, are there many servers left that are still sending form-encoded responses?

aaronpk avatar Jun 22 '19 17:06 aaronpk

Now that it's been a year since this issue was opened, are there many servers left that are still sending form-encoded responses?

indieauth.com does :)

fluffy-critter avatar Nov 28 '19 04:11 fluffy-critter

I would rather get all clients and servers to update to drop form-encoded responses completely at this point.

aaronpk avatar Jul 29 '20 20:07 aaronpk

I just had a check and selfauth defaults to JSON unless it receives other Accept headers, however there is an issue to change the default. Apparently it was (is?) an issue for Telegraph to default to JSON.

Zegnat avatar Jul 30 '20 06:07 Zegnat

All HTTP examples in the current version of the spec include Accept headers in the requests, and Content-Type headers in the responses. Are there any actionables left for this issue or can it be closed?

Zegnat avatar Nov 21 '20 14:11 Zegnat

While the examples all refer to the Accept: header, that was the case already - I opened this issue because the spec itself doesn't actually indicate whether the header is required, or what the default response should be if it's left off (if defined).

fluffy-critter avatar Nov 21 '20 18:11 fluffy-critter

I see what you mean now, @fluffy-critter. Thanks for elaborating!

I have filed a PR to mention the Accept headers outside of the (often taken as non-normative) example blocks.

Zegnat avatar Nov 22 '20 12:11 Zegnat