Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to interpret empty HTTP Accept header?

The HTTP/1.1 Accept request header is specified in RFC 2616, section 14.1.

It's syntax is given like this:

   Accept         = "Accept" ":"                     #( media-range [ accept-params ] ) 

# without any number states zero or more according to section 2.1. However, section 14.1 doesn't make any statement about how to interpret an empty Accept header. This is in contrast to section 14.2, which talks about Accept-Encoding, where not only 1# is used (one or more), but also the case for an empty Accept-Encoding header is specified, which is kind of weird. Some other sections dealing with request headers are also specific on the special case of an empty value.

Should one treat an empty Accept header equivalently to a non-existent Accept header? Are there any official resources on this I missed?

like image 743
Jonas Schäfer Avatar asked Aug 26 '12 14:08

Jonas Schäfer


People also ask

Can HTTP header have empty value?

HTTP headers are key/value pairs sent at the beginning of a request or response. According to the grammar in RFC 7230, a field could have an empty value.

What does the Accept HTTP request header represent?

The Accept request HTTP header indicates which content types, expressed as MIME types, the client is able to understand. The server uses content negotiation to select one of the proposals and informs the client of the choice with the Content-Type response header.

What does */* mean in Accept header?

The * character is considered the wildcard. accept: */* simply means that any data of whatever mimetype is accepted and the server may choose what to return to the requesting client.


1 Answers

From RFC2616 Sec4.2:

Each header field consists of a name followed by a colon (":") and the field value.

At first glance, this would seem to put messages that specify empty header values in the malformed, non-compliant category. However, the augmented BNF form outlined in RFC2616 Sec2.1 indicates that

"#element" allows any number, including zero

As this is the declaration used to specify Accept header values, it appears that empty values are valid.

Parsing empty headers and headers with nothing but whitespace can be problematic because of the following direction from the spec:

The field-content does not include any leading or trailing LWS: linear white space occurring before the first non-whitespace character of the field-value or after the last non-whitespace character of the field-value. Such leading or trailing LWS MAY be removed without changing the semantics of the field value. Any LWS that occurs between field-content MAY be replaced with a single SP before interpreting the field value or forwarding the message downstream.

IMHO, sending an empty header is completely pointless. It shouldn't be done, and parsers may not correctly parse these headers. Traditionally, people who want to circumvent such limitations when dealing with non-compliant components have specified "pseudo-empty" values like this:

X-MyCustomHeader: ""

If you simply want to validate that a header field was sent as some form of boolean switch, consider sending a placeholder value like the above instead of an empty value.


Update

I guess I wasn't very clear in directly answering the question: in the case of an empty Accept header you really have two options:

  • Send a 406 Not Acceptable response to inform the client that you don't offer any content types for an empty Accept value (duh).

This is justified, but not required by RFC2616 Sec14.1:

If an Accept header field is present, and if the server cannot send a response which is acceptable according to the combined Accept field value, then the server SHOULD send a 406 (not acceptable) response.

  • Or, because this is not required and it's highly unlikely the user doesn't accept any content-types (otherwise, why would they bother to send the request?) ... I would suggest treating an empty Accept: value (if message rejection isn't an option) the same as Accept: */*.
like image 188
rdlowrey Avatar answered Sep 20 '22 04:09

rdlowrey