readthedocs-fr / bin-server

A tool for hosting code snippets and sharing them via a URL.
https://bin.readthedocs.fr
MIT License

/delete route is not http compliant (401/403/Authorisation/WWW-Authorisation) #164

Open Julien00859 opened 1 year ago

Julien00859 commented 1 year ago

Reading the HTTP Spec there are several problems with the /delete route.

  1. When the Authorization header is missing or the scheme is invalid, the response must be a 401 response with a WWW-Authenticate header.
  2. When the Authorization header is present and the scheme is valid but the code is invalid, the response must be a 403 response.
  3. The "Token" type does not exist, should be something else, I think "Bearer" but we should verify.
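As an added illustration of the three rules listed above (this is example code written for this page, not bin-server's own handler), the function below maps an incoming request's headers to the status code and extra response headers the issue asks for: 401 plus a WWW-Authenticate challenge when the credential is absent or its scheme is unrecognised, 403 when the scheme is right but the token is wrong, and success otherwise. The scheme name `Bearer` and the realm `bin` are assumptions, since the issue itself says the correct scheme still has to be verified.

```python
import hmac

# Assumptions for this example (not taken from the project):
SCHEME = "Bearer"   # the issue suggests "Bearer" in place of the non-standard "Token"
REALM = "bin"       # constructed realm name for the challenge


def check_delete_auth(headers, expected_token):
    """Return (status, extra_response_headers) for a /delete request.

    401 + WWW-Authenticate: no Authorization header, or an unknown scheme
    403: recognised scheme, but the presented token does not match
    204: token matches, deletion may proceed
    """
    challenge = {"WWW-Authenticate": f'{SCHEME} realm="{REALM}"'}

    # Header names are case-insensitive in HTTP; look the header up accordingly.
    value = None
    for name, v in headers.items():
        if name.lower() == "authorization":
            value = v
            break

    # Rule 1: missing header -> 401 with a challenge telling the client what to send.
    if value is None:
        return 401, challenge

    # Rule 1 (continued): header present but the scheme is not the one we support.
    parts = value.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != SCHEME.lower():
        return 401, challenge

    # Rule 2: scheme is fine, token is not. Constant-time compare avoids a timing leak.
    presented = parts[1].strip()
    if not hmac.compare_digest(presented.encode(), expected_token.encode()):
        return 403, {}

    return 204, {}


if __name__ == "__main__":
    # Constructed sample requests exercising each branch.
    secret = "s3cret-example-token"
    for hdrs in ({}, {"Authorization": "Token abc"},
                 {"Authorization": "Bearer wrong"},
                 {"authorization": f"Bearer {secret}"}):
        print(hdrs, "->", check_delete_auth(hdrs, secret))
```

The scheme comparison is case-insensitive because RFC 7235 defines auth-scheme tokens that way, while the realm value is quoted so the challenge parses as a valid header.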
Mesteery commented 1 year ago

Do you mean WWW-Authenticate?