Unsupported Accept header should result in 406

Question

nbarbettini opened this issue 8 years ago · comments

The /oauth/token endpoint should strictly only allow Accept: application/json requests, and return HTTP 406 on anything else.

Edward Jiang · Answer 1 · Wed Mar 30 2016 04:54:28 GMT+0800 (China Standard Time)

Please see my comment here: #218 (comment)

robertjd · Answer 2 · Wed Mar 30 2016 04:56:55 GMT+0800 (China Standard Time)

I'm with @edjiang on this one. The response will always be JSON, so there's really no point in asserting the Accept header.

Nate Barbettini · Answer 3 · Wed Mar 30 2016 05:00:55 GMT+0800 (China Standard Time)

I will bow to @edjiang and @robertjd on this one. 😄

I assume that #16 is okay, though?

Edward Jiang · Answer 4 · Wed Mar 30 2016 05:18:47 GMT+0800 (China Standard Time)

Yeah, that's fine. Although my specific bias is not to write unnecessary tests, and that behavior really isn't necessary for things to function...