Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Breaking change to HTTP POST API in v2.2.0 #1713
Users that are unable to set this header would no longer be able to use the HTTP POST API. And even those that could, we should not introduce breaking changes in a feature release. I guess the correct thing to do is have the check configurable and disabled (i.e. the v2.1.0 behaviour) by default, but will a clear recommendation to enable it. At least until the next major release of Mopidy at which point a breaking change is reasonable.
In the name of secure defaults, I'd like the current behavior to remain the default.
I'm open to adding a config value to turn the check off, so that the issue can be resolved on either the client side by adding the