Open ravecat opened 3 months ago
The referenced plug specifically checks that the Content-Type request header is valid. Since that header specifies the type of the request body, it is not relevant for HEAD, GET, or DELETE requests. One could theoretically be a stickler and deny a request that has no body but still specifies a Contnet-Type (of any value), but that’s probably rarely done in practice.
On second thought, since the plug does bother to validate the accept header as well, it does look like a bug that it ignores some http verbs. Would be better if it validated content-type and accept for put/post/patch and still validated accept for get requests.
@mattpolzin thank you for you answer
updated MIME configuration accroding docs, this will allow control of content at the application level
config :mime, :types, %{
"application/vnd.api+json" => ["json-api"]
}
and my pipeline
pipeline :api do
plug :accepts, ["json-api"]
plug JSONAPI.EnsureSpec
plug JSONAPI.Deserializer
plug JSONAPI.UnderscoreParameters
end
Looking good!
Thank you for your work, I am integrating your lib into my application and I have a question.
Seen source code of
JSONAPI.ContentTypeNegotiation
for validation and I'm surprised that he's ignoring some of the methodsbecause spec requires that communication between the client and servers should be done with the
application/vnd.api+json
header.Could you clarify that point