wagnerdelima / drf-social-oauth2

drf-social-oauth2 makes it easy to integrate Django social authentication with major OAuth2 providers, i.e., Facebook, Twitter, Google, etc.
https://drf-social-oauth2.readthedocs.io/en/latest/
MIT License
274 stars 34 forks source link

Content-Type header sent in HTTP 204 responses #247

Open Anthony-Stannard opened 2 months ago

Anthony-Stannard commented 2 months ago

A successful request to /auth/invalidate-sessions will result in an HTTP 204 response being returned. The HTTP 204 response will have a Content-Type header when it shouldn't have this header.

A simple fix would be to remove the empty dictionary from the POST Response in the InvalidateSessions and InvalidateRefreshTokens class:

Current line 281 in views.py return Response({}, status=HTTP_204_NO_CONTENT)

Can be fixed with: return Response(status=HTTP_204_NO_CONTENT)