rodauth: jwt: do not use json_request? to infer response type

As discussed in the google group, and having this example, a lot of actions in jwt mode aren’t consistent because one is using the Content-Type header of the request to define if the response is going to be a json response.

As per the links presented in the google group thread, the Accept header should be used to infer if the response is going to be json (unless rodauth is marked as json only, in which case all answers will be json).

This is the reason why, in json-only mode:

  • sending a login request will try to access flash in case of error;
  • Content-Type of the response will not be json in 405 case;
  • any type of request using the JWT tries again to access flash without the Content-Type header.

My proposal:

  • Drop the json_request? method, and replace it with json_response?. This method should check if one of these conditions is set:
    • rodauth is json-only
    • the response has Content-Type set to application/json
    • the request has Accept header with application/json
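The three-condition check proposed above, next to the request Content-Type check it would replace, as an added example that is not part of the original issue and is not rodauth's code. The method names, the `only_json` keyword and the Rack-style env hashes are assumptions made for illustration.

```ruby
# Added illustration; every name here is hypothetical, not rodauth's API.
JSON_TYPE = 'application/json'

# Media type of a header value without its parameters ("; charset=utf-8", ";q=0.9").
def media_type(value)
  value.to_s.split(';').first.to_s.strip.downcase
end

# The check the issue wants dropped: decides from the request Content-Type.
def json_request?(env)
  media_type(env['CONTENT_TYPE']) == JSON_TYPE
end

# True if any media range in Accept is exactly application/json.
# Wildcards such as */* are deliberately not treated as a JSON request.
def accepts_json?(env)
  env['HTTP_ACCEPT'].to_s.split(',').any? { |range| media_type(range) == JSON_TYPE }
end

# The proposed check: any one of the three listed conditions is enough.
def json_response?(env, response_headers, only_json: false)
  # Response header names are matched case-insensitively.
  content_type = response_headers.find { |k, _| k.to_s.casecmp?('content-type') }&.last
  only_json || media_type(content_type) == JSON_TYPE || accepts_json?(env)
end

# Constructed Rack-style envs for the situations the issue lists.
CASES = {
  # Request carrying a JWT but no body, hence no Content-Type header.
  jwt_get:    { 'REQUEST_METHOD' => 'GET', 'HTTP_ACCEPT' => 'application/json' },
  # JSON body, but the client sent no Accept header.
  login_post: { 'REQUEST_METHOD' => 'POST', 'CONTENT_TYPE' => 'application/json; charset=utf-8' },
  browser:    { 'REQUEST_METHOD' => 'GET', 'HTTP_ACCEPT' => 'text/html,application/xhtml+xml' }
}

# Returns [name, old decision, proposed decision] for each constructed case.
def compare(only_json: false)
  CASES.map do |name, env|
    [name, json_request?(env), json_response?(env, {}, only_json: only_json)]
  end
end

compare.each do |name, old, new|
  puts format('%-11s json_request?=%-5s json_response?=%s', name, old, new)
end
```

With `only_json: true` every case yields a JSON response regardless of request headers, which is the json-only behaviour the issue asks for.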

About this issue

  • State: closed
  • Created 8 years ago
  • Comments: 20 (20 by maintainers)

Most upvoted comments

@jeremyevans @TiagoCardoso1983 Thank you for all your work on making the jwt feature even better! ❤️