oasis-tcs / cti-taxii2

OASIS CTI TC: An official CTI TC repository for TAXII 2 work
https://github.com/oasis-tcs/cti-taxii2

Require TAXII content type in Accepts #66

Closed varnerac closed 6 years ago

varnerac commented 6 years ago

Every TAXII request requires a TAXII media type in the HTTP Accept header to determine the TAXII content type to return in case of an error.

Propose changing the following in 3.1 Endpoints:

All TAXII requests MUST include a media range in the Accept header. Requests for TAXII or STIX content MUST use the values from section 1.5.8 and SHOULD include the optional version parameter.

to

All TAXII requests MUST include a media range in the Accept header. The media range must include at least one TAXII media type. Requests for TAXII or STIX content MUST use the values from section 1.5.8 and SHOULD include the optional version parameter.

varnerac commented 6 years ago

We also need to fix the example in the 5.3 Get Objects table for Accept.

johnwunder commented 6 years ago

This is interesting, nice catch.

Is there precedent for how to handle this in other specifications? Do they typically include both a type for the success condition and a type for the error condition in the Accept header? Do they weight them differently? Presumably you wouldn't want TAXII preferred over STIX, for example.

jordan2175 commented 6 years ago

I think they would equally be preferred; it would just depend on the type of data coming back. Nice catch, @varnerac.

jordan2175 commented 6 years ago

I changed the text to say:

All TAXII requests MUST include a media range in the Accept header and MUST include at least one TAXII media range. Requests for TAXII or STIX content MUST use the values from section 1.5.8 and SHOULD include the optional version parameter defined in that section.

jordan2175 commented 6 years ago

And I updated the examples in sections 5.3 and 5.5.
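
An added example, not part of the thread or the TAXII specification: a server-side check for the rule discussed above, showing why a request that lists only a STIX type leaves the server with no agreed format for an error body. The media type strings are the TAXII 2.0 values (an assumption; the thread only cites section 1.5.8), `check_request` is a hypothetical helper, and not counting wildcards such as `*/*` as a TAXII media type is also an assumption.

```python
# Added illustration. Media type strings are assumed TAXII 2.0 values;
# the thread itself only refers to "section 1.5.8".
TAXII_TYPE = "application/vnd.oasis.taxii+json"
STIX_TYPE = "application/vnd.oasis.stix+json"


def parse_accept(header):
    """Return [(media_type, q)] for each media range in an Accept header."""
    ranges = []
    for part in header.split(","):
        fields = [f.strip() for f in part.split(";")]
        media_type = fields[0].lower()
        if not media_type:
            continue
        q = 1.0  # default weight when no q parameter is given
        for param in fields[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0  # malformed weight: treat as not acceptable
        ranges.append((media_type, q))
    return ranges


def check_request(accept_header, success_type):
    """Apply the proposed rule to one request (hypothetical helper).

    Returns (status, content_type). Error bodies are always TAXII, which is
    why every Accept header has to offer a TAXII media type.
    """
    # q=0 means "explicitly not acceptable", so those ranges are dropped.
    # Assumption: wildcards (*/*) do not count as offering a TAXII type.
    accepted = {t for t, q in parse_accept(accept_header or "") if q > 0}
    if TAXII_TYPE not in accepted:
        # No TAXII type offered: no agreed format for an error message.
        return 406, None
    if success_type not in accepted:
        # Wrong type for this endpoint, but the error can be sent as TAXII.
        return 406, TAXII_TYPE
    return 200, success_type
```
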