Context
Currently none of the API endpoints (v1/random, v1/empty, v1/cleanjobs) validate the Accept header. While this doesn't cause functional issues, it means:
- Clients sending
Accept: text/html or malformed Accept headers get JSON back anyway (which is correct behavior currently)
- No content negotiation exists for future format extensions
Suggestion
Add optional validation of Accept: application/json header at the start of each endpoint. If present and not application/json, return a 406 Not Acceptable response:
{
"error": "Not Acceptable - only application/json is supported"
}
Endpoints affected
GET /v1/random/
DELETE /v1/empty/
DELETE /v1/cleanjobs/
Notes
- This should accept wildcard
*/* and application/* as valid
- No Accept header should default to JSON (backward compatible)
Context
Currently none of the API endpoints (v1/random, v1/empty, v1/cleanjobs) validate the
Acceptheader. While this doesn't cause functional issues, it means:Accept: text/htmlor malformed Accept headers get JSON back anyway (which is correct behavior currently)Suggestion
Add optional validation of
Accept: application/jsonheader at the start of each endpoint. If present and notapplication/json, return a 406 Not Acceptable response:{ "error": "Not Acceptable - only application/json is supported" }Endpoints affected
GET /v1/random/DELETE /v1/empty/DELETE /v1/cleanjobs/Notes
*/*andapplication/*as valid