e.g. Complement sends POST /forget without a JSON body, but it sets Content-Type: application/json anyway. Synapse is happy with that, but arguably shouldn't be.
(Ignore the fact that this request is meant to require a JSON body #16366 for now)
It seems like we should hold clients to a JSON-encoded body if they go so far as to set the content-type in the request.
As at Synapse v1.92.
As a soft proposal, we could add warnings when this is violated to start with so we can track down any clients that might be relying on this.
e.g. Complement sends
POST /forgetwithout a JSON body, but it setsContent-Type: application/jsonanyway. Synapse is happy with that, but arguably shouldn't be. (Ignore the fact that this request is meant to require a JSON body #16366 for now)It seems like we should hold clients to a JSON-encoded body if they go so far as to set the content-type in the request.
As at Synapse v1.92.
As a soft proposal, we could add warnings when this is violated to start with so we can track down any clients that might be relying on this.