When #only_json? is set to true, the JSON feature requires that requests have Content-Type and Accept headers set to JSON. This is not the case in internal requests, which have a form-data content type set up.
Since in internal requests we don't want to deal with HTTP-level requirements, we set #only_json? to false in the internal auth class to allow non-JSON requests. This should be fine, because in internal requests params are grabbed from an internal hash anyway.
When
#only_json?
is set to true, the JSON feature requires that requests haveContent-Type
andAccept
headers set to JSON. This is not the case in internal requests, which have a form-data content type set up.Since in internal requests we don't want to deal with HTTP-level requirements, we set
#only_json?
to false in the internal auth class to allow non-JSON requests. This should be fine, because in internal requests params are grabbed from an internal hash anyway.