Improper checking of headers #90
Description
In this file, it forces the headers to conform to the JSONAPI media type improperly.
To quote:
Servers MUST send all JSON API data in response documents with the header Content-Type: application/vnd.api+json without any media type parameters.
The server MUST respond with the proper headers, the library handles this okay.
Servers MUST respond with a 415 Unsupported Media Type status code if a request specifies the header Content-Type: application/vnd.api+json with any media type parameters.
This seems to be worded intentionally, such that if a request specifies the Content-Type: application/vnd.api+json header with any additional parameters, it should return a 415. The server itself is not required to force the client to send the Content-Type: application/vnd.api+json header (just to enforce that it's done properly if the client does send it), though the client is required by the spec to send it.
Servers MUST respond with a 406 Not Acceptable status code if a request’s Accept header contains the JSON API media type and all instances of that media type are modified with media type parameters.
This also seems to be worded intentionally, such that if a request specifies an Accept header with the proper type, but ALL instances of that media type are modified (meaning it can have multiple media types, and even multiple declarations of the JSONAPI media type), throw a 406. Again, the server is not required to force the client to send the Accept: application/vnd.api+json header (just to enforce that it's done properly if the client does send it -- and only to enforce it if they use the application/vnd.api+json media type, and each time it's specified it has modified media type parameters), and actually, the client isn't required to send this header at all, they're just required to not modify the media type with parameters on at least one instance of it if they do pass it.
Just wanted to clarify that. Great library!