Default fallbacks should be media type-aware #28
Default fallbacks should be media type-aware #28
Conversation
We could set the ACCEPT header in the action for the endpoint. def protectedAction = SecuredAction("application/json") { implicit request =>
Ok("Full access")
} So the user can also implement the local fallback as example: override def notAuthenticated(request: RequestHeader): Option[Future[SimpleResult]] = {
Some(Future.successful(
render {
case Accepts.Json() => Forbidden(Json.obj("result" -> "Forbidden"))
case Accepts.Html() => Forbidden("Forbidden")
}
))
} And this works for the content negotiation and the endpoint approach. What do you think? |
I'm not sure I understand this suggestion:
def protectedAction = SecuredAction("application/json") { implicit request =>
Ok("Full access")
} As I understand, the user can implement the 2nd code fragment anyway, supporting the content types which are relevant to the application. And the default handlers would support the most common content types. The user handler might even delegate to the default handler in case of an unknown or not supported content type. |
As per definition the endpoint approach should only have one media type. If I call the endpoint /site/api/profile.json the media type should be application/json even if the client sends an other media type in the ACCEPT header. With this solution we define the media type for an action and override the media type send by the client. |
I see. The
So for an endpoint which produces results of a single type (for instance, JSON), it will check the This is done on the application code and I don't think it would be appropriate to override the I'm familiar with handling these requirements, so if you agree I could write some code that I think will clarify what I'm saying. |
Yes, I agree this is the better solution. |
This commit is an initial approach to implement the default, media type-aware fallbacks. It's not complete yet but it should give you an idea of the direction it's going. After finishing the default handlers, I plan to write some tests for situations in which these default handlers will and will not be invoked, along with different kinds of media type-aware user actions. |
We should create an example in the wiki for that. |
OK. I'll do that after I finish this issue. |
@akkie please review |
Default fallbacks should be media type-aware
Thank you for the review. Corrected and merged. |
@fernandoacorreia Do you remember to document this functionality. Maybe we should replace my AJAX example as suggested in #16. |
Thank you for bringing this to my attention. I'll work on that. |
Perfect! Thanks. |
The default fallbacks for unauthorized and forbidden requests should use content negotiation to produce a response with a content type adequate to the
Accept
request header.At least the most common media types should be supported:
text/plain
,text/html
,application/json
andapplication/xml
.See this discussion.