recommend/require Accept-headers, and show them in examples

indieweb / indieauth

IndieAuth.net website code and IndieAuth Specification

52 stars 7 forks source link

recommend/require Accept-headers, and show them in examples #18

Open sknebel opened 6 years ago

sknebel commented 6 years ago

Since in-the-wild implementations also sometimes use/default to form-encoded in some places this spec requires JSON responses, it might make sense to state that clients SHOULD/MUST set an Accept: application/json header. Or is the intention to hunt all of them down and change their behavior?

sknebel commented 6 years ago

Looking at this again, I'm not sure what a good spot for a general note would be.

If you ok it I'd prepare a pull request adding the header to the examples?

aaronpk commented 6 years ago

At the very least adding the Accept header to the examples is a good place to start, go for it!

aaronpk commented 5 years ago

I'm inclined to not add text to the spec that requires or suggests sending the Accept header. Looking back at OAuth 2.0, it doesn't even include the Accept header in the examples, although that spec has always required a JSON response.

Now that it's been a year since this issue was opened, are there many servers left that are still sending form-encoded responses?

fluffy-critter commented 4 years ago

Now that it's been a year since this issue was opened, are there many servers left that are still sending form-encoded responses?

indieauth.com does :)

aaronpk commented 4 years ago

I would rather get all clients and servers to update to drop form-encoded responses completely at this point.

Zegnat commented 4 years ago

I just had a check and selfauth defaults to JSON unless it receives other Accept headers, however there is an issue to change the default. Apparently it was (is?) an issue for Telegraph to default to JSON.

Zegnat commented 3 years ago

All HTTP examples in the current version of the spec include Accept headers in the requests, and Content-Type headers in the responses. Are there any actionables left for this issue or can it be closed?

fluffy-critter commented 3 years ago

While the examples all refer to the Accept: header, that was the case already - I opened this issue because the spec itself doesn't actually indicate whether the header is required, or what the default response should be if it's left off (if defined).

Zegnat commented 3 years ago

I see what you mean now, @fluffy-critter. Thanks for elaborating!

I have filed a PR to mention the Accept headers outside of the (often taken as non-normative) example blocks.