rodauth: jwt: do not use json_request? to infer response type
As discussed in the google group, and having this example, a lot of actions in jwt mode aren’t consistent because one is using the Content-Type
header of the request to define if the response is going to be a json response.
As by the links presented in the google group thread, the Accept
header should be used to infer if the response is going to be json (unless rodauth is marked as json only, by which all answers will be json).
This is the reason why, json-only mode:
- sending a login request will try to access flash in case of error;
Content-Type
of the response will not be json in 405 case;- Any Type of request using the JWT tries again to access flash without the
Content-Type
header
My proposal:
- Drop the
json_request?
method, and replace it withjson_response?
. This method should check if one of these conditions is set:- rodauth is json-only
- the response has
Content-Type
set toapplication/json
- the request has
Accept
header withapplication/json
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Comments: 20 (20 by maintainers)
@jeremyevans @TiagoCardoso1983 Thank you for all your work on making the jwt feature even better! ❤️