Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Content-type header not respecting Accept header for application/scim+json #59

Closed
wooly opened this issue Jul 24, 2023 · 8 comments
Closed

Content-type header not respecting Accept header for application/scim+json #59

wooly opened this issue Jul 24, 2023 · 8 comments

Comments

@wooly
Copy link

wooly commented Jul 24, 2023
edited
Loading

Hi there,

We're trying to use the Microsoft Azure AD SCIM Validator tool here, and we're coming across an issue as shown in the screenshot below:

MicrosoftTeams-image (13)

Testing this in postman, when setting the Accept header in the request to the /Users endpoint, we get a json response, but the content-type header isn't using application/scim+json, which I'm guessing is what the validator is expecting?

MicrosoftTeams-image (14)

Is there anything we can do to set the response content-type header to application/scim+json to appease the validator?

Thanks!
@chaskett
Copy link

chaskett commented Oct 4, 2023

@pond any chance you have any thoughts on this? :-)

@pond
Copy link
Member

pond commented Oct 5, 2023
edited
Loading

Not much time to look into this, but in the short term, your controllers could add a before_action filter that does something like:

response.set_header('CONTENT_TYPE', Mime::Type.lookup_by_extension(:scim).to_s)

...as a blunt force solution, perhaps evolving that if you wish to detect Accept in Request. It's probably something that Scimitar's base controllers out to do via render, if it's not happening already, but a quick glance though specs didn't make that too clear (other than MDN implying that if Accept is present in general then Content-Type ought to respond with the chosen content type - but if you only accept one thing, there's not much of a choice). It'll be down to Rails just responding by default with application/json; charset=utf-8 when render :json is used (and that might override your before-action... In which case maybe after-action!).

@chaskett
Copy link

chaskett commented Oct 5, 2023

Thanks! I will aim to feedback what how we solve this.

@wooly
Copy link
Author

wooly commented Oct 9, 2023
edited
Loading

We've ended up patching the Scimitar application controller's add_mandatory_response_header method to add the CONTENT_TYPE header like you suggested 👍

@kwent
Copy link

kwent commented Oct 12, 2023
edited
Loading

Running into the same issue. @wooly could you share a snippet of code of the patch ?

@wooly
Copy link
Author

wooly commented Oct 12, 2023
edited
Loading

@kwent it's a one-liner here: e684359

We're running our own fork of scimitar with this patch and another couple of patches to satisfy the Microsoft Scim Validator if you get stuck there too.

@pond pond mentioned this issue Nov 15, 2023
Merged
@pond
Copy link
Member

pond commented Nov 15, 2023

This is (well, should be!) fixed by #85.

@pond
Copy link
Member

pond commented Nov 15, 2023

I've pushed v2.6.1 including #85 now, along with v1.7.1 which back-ports the fix via #86.

@pond pond closed this as completed Jan 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@pond @wooly @kwent @chaskett