/delete route is not http compliant (401/403/Authorisation/WWW-Authorisation) #164

Open
Julien00859 opened this issue Sep 10, 2022 · 1 comment
@Julien00859
Member

Julien00859 commented Sep 10, 2022

Reading the HTTP spec, there are several problems with the /delete route.

  1. When the Authorization header is missing or the scheme is invalid, the response must be a 401 response with a WWW-Authenticate header.
  2. When the Authorization header is present and the scheme is valid but the code is invalid, the response must be a 403 response.
  3. The "Token" type does not exist; it should be something else, I think "Bearer", but we should verify.

@Mesteery
Collaborator

Do you mean WWW-Authenticate?

@Mesteery added the "good first issue" label Sep 11, 2022
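
The status mapping proposed in this issue, written out as an added example that is not the project's code. It assumes the "Bearer" scheme the issue suggests verifying; the function name, the realm value, the 204 success status and the sample token used to exercise it are hypothetical.

```python
import hmac

REALM = "delete"  # assumed realm name, not taken from the project


def authorize_delete(authorization, expected_token):
    """Decide the response to a /delete request from its Authorization header.

    authorization: raw header value, or None when the header is absent.
    expected_token: the secret that permits the deletion.
    Returns (status_code, response_headers).
    """
    challenge = {"WWW-Authenticate": f'Bearer realm="{REALM}"'}

    # Point 1 of the issue: missing header -> 401 with a challenge.
    if not authorization:
        return 401, challenge

    # Header shape is "<scheme> <credentials>"; scheme names are
    # case-insensitive, so "bearer" and "Bearer" are the same scheme.
    scheme, _, credentials = authorization.strip().partition(" ")
    credentials = credentials.strip()

    # Point 1 again: unknown scheme (e.g. "Token") -> 401 with a challenge.
    # A bare scheme with no credentials is treated the same way here
    # (assumption: malformed counts as "scheme invalid").
    if scheme.lower() != "bearer" or not credentials:
        return 401, challenge

    # Point 2 of the issue: valid scheme, wrong code -> 403.
    # compare_digest keeps the comparison time independent of how many
    # leading characters of the guess are correct.
    if not hmac.compare_digest(credentials.encode(), expected_token.encode()):
        return 403, {}

    # Authorized: 204 is an assumed success status for a delete.
    return 204, {}
```

The 401 responses carry the challenge so a client can tell which scheme to retry with; the 403 does not, since retrying with the same scheme and a wrong code will not help.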