Default response should be JSON, if not specified
If I set:
```javascript
app.use(stormpath.init(app, {
  web: {
    produces: ['application/json']
  }
}));
```
And I send an HTTP request to a route with stormpath.loginRequired without an Accept header, Stormpath redirects me to /login?next=route
Expected behavior: Stormpath returns 401 Unauthorized
HTTP logs:
```
GET /notes

HTTP/1.1 302 Found
X-Powered-By: Express
Location: /login?next=%2Fnotes
Vary: Accept
Content-Type: text/plain; charset=utf-8
Content-Length: 44
Date: Fri, 11 Mar 2016 22:54:32 GMT

GET /notes
Accept: application/json

HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Date: Fri, 11 Mar 2016 22:54:46 GMT
```
Doing further testing, the express-stormpath framework doesn't follow this part of the framework spec:
```
# If the request does not specify an Accept header, or the preferred accept
# type is */*, the integration must respond with the first type in this
# list.
```

This issue is now tracking our need to implement our content negotiation strategy, as defined here:
https://github.com/stormpath/stormpath-framework-spec/blob/master/requests.md#content-type-negotiation
Update: I'm now considering this a breaking change, as it would change the default behavior of this library. @typerandom do you agree? I'm thinking we need to hold off and make this part of a 4.0 release.
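
The negotiation rule quoted from the framework spec, combined with the 401-versus-redirect outcomes seen in the HTTP logs, as an added example that is not part of this thread or of express-stormpath's code. The function names, the q-value handling and the 406 fallback are assumptions of the example.

```javascript
// Added example; function names are hypothetical, not express-stormpath APIs.

// Parse an Accept header into media types ordered by q-value (highest first).
function parseAccept(header) {
  return header
    .split(',')
    .map((part, index) => {
      const [type, ...params] = part.trim().split(';').map((s) => s.trim());
      const qParam = params.find((p) => p.startsWith('q='));
      const q = qParam ? parseFloat(qParam.slice(2)) : 1;
      return { type: type.toLowerCase(), q: Number.isNaN(q) ? 0 : q, index };
    })
    .filter((entry) => entry.type && entry.q > 0)
    .sort((a, b) => b.q - a.q || a.index - b.index);
}

// Choose the response type. The missing-header and */* cases follow the quoted
// spec text; the remaining branches are assumptions of this example.
function negotiate(acceptHeader, produces) {
  if (!acceptHeader || !acceptHeader.trim()) return produces[0];
  const accepted = parseAccept(acceptHeader);
  if (accepted.length === 0 || accepted[0].type === '*/*') return produces[0];
  for (const { type } of accepted) {
    if (type === '*/*') return produces[0];
    if (produces.includes(type)) return type;
  }
  return null; // nothing the client accepts can be produced
}

// What a loginRequired-style guard would send to an unauthenticated caller.
function unauthenticatedResponse(req, produces) {
  const type = negotiate(req.headers.accept, produces);
  if (type === 'application/json') return { status: 401 };
  if (type === 'text/html') {
    return { status: 302, location: '/login?next=' + encodeURIComponent(req.url) };
  }
  return { status: 406 }; // assumption: no acceptable representation
}
```

With `produces: ['application/json']`, a request with no Accept header resolves to JSON, so an unauthenticated API client gets a 401 instead of a redirect to the login page.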