Client has no way to initially know which version a TAXII server supports

oasis-tcs / cti-taxii2

OASIS CTI TC: An official CTI TC repository for TAXII 2 work

https://github.com/oasis-tcs/cti-taxii2

Other

9 stars 4 forks source link

Client has no way to initially know which version a TAXII server supports #72

Open jordan2175 opened 6 years ago

jordan2175 commented 6 years ago

We have a chicken-and-egg problem. If a TAXII server does strict checking of the media type, the client will have no way of knowing what version a TAXII server is using without randomly guessing.

A Client sents application/taxii+json; version=2.0 and they get an unsupported media type, they can then just "try" 2.1 or 2.2 or 2.3 until they find a version that the TAXII server supports.

This was brought up by someone in the community that is writing client code.

Darkheir commented 5 years ago

Even if the server throws a 415 Unacceptable Media Type it may also include in the headers Content-Type: application/vnd.oasis.taxii+json; version=2.0 to let the client know what version is supported.