Unsupported Accept header should result in 406
nbarbettini opened this issue
Nate Barbettini commented
The /oauth/token endpoint should strictly only allow Accept: application/json requests, and return HTTP 406 on anything else.
Edward Jiang commented
Please see my comment here: #218 (comment)
robertjd commented
I'm with @edjiang on this one. The response will always be JSON, so there's really no point in asserting the Accept header.
Nate Barbettini commented
Edward Jiang commented
Yeah, that's fine. Although my specific bias is not to write unnecessary tests, and that behavior really isn't necessary for things to function...
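As an added illustration of the check debated in this thread (not code from the thread or from the project), this JavaScript sketch decides whether a JSON-only endpoint would have to answer 406 for a given Accept header. The names `parseAccept` and `acceptsJson` and the `strict` option are assumptions: `strict` models the issue's "only application/json" wording, while the default follows HTTP content negotiation, where a missing header or a wildcard range accepts JSON and `q=0` rejects it.

```javascript
// Added example: would a JSON-only endpoint have to answer 406 for this Accept header?
// parseAccept, acceptsJson and the `strict` option are hypothetical names.

// Split an Accept header into { range, q } entries; a malformed q counts as 0.
function parseAccept(header) {
  return header.split(',').map((s) => s.trim()).filter(Boolean).map((item) => {
    const [range, ...params] = item.split(';').map((s) => s.trim());
    let q = 1;
    for (const param of params) {
      const [key, value] = param.split('=').map((s) => s.trim());
      if (key.toLowerCase() === 'q') {
        const n = Number(value);
        q = Number.isFinite(n) && n >= 0 && n <= 1 ? n : 0;
      }
    }
    return { range: range.toLowerCase(), q };
  });
}

// How specifically a media range matches application/json (0 = no match).
function specificity(range) {
  if (range === 'application/json') return 3;
  if (range === 'application/*') return 2;
  if (range === '*/*') return 1;
  return 0;
}

// true  -> respond with JSON; false -> respond 406 Not Acceptable.
function acceptsJson(header, { strict = false } = {}) {
  // No Accept header means the client accepts any media type.
  if (header === undefined || header.trim() === '') return !strict;
  let best = { rank: 0, q: 0 };
  for (const { range, q } of parseAccept(header)) {
    const rank = specificity(range);
    if (rank > best.rank) best = { rank, q }; // the most specific range wins
  }
  if (strict && best.rank !== 3) return false;
  return best.rank > 0 && best.q > 0;
}

// Constructed sample headers, not taken from real traffic.
const samples = [undefined, 'application/json', 'text/html', '*/*;q=0.1',
  'application/json;q=0, */*'];
for (const h of samples) {
  console.log(h, '->', acceptsJson(h) ? 'serve JSON' : '406 Not Acceptable');
}
```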