How to interpret empty HTTP Accept header?

2020-02-09 07:02发布

The HTTP/1.1 Accept request header is specified in RFC 2616, section 14.1.

It's syntax is given like this:

   Accept         = "Accept" ":"
                    #( media-range [ accept-params ] )

# without any number states zero or more according to section 2.1. However, section 14.1 doesn't make any statement about how to interpret an empty Accept header. This is in contrast to section 14.2, which talks about Accept-Encoding, where not only 1# is used (one or more), but also the case for an empty Accept-Encoding header is specified, which is kind of weird. Some other sections dealing with request headers are also specific on the special case of an empty value.

Should one treat an empty Accept header equivalently to a non-existent Accept header? Are there any official resources on this I missed?

2条回答
Deceive 欺骗
2楼-- · 2020-02-09 07:17

According to http://tools.ietf.org/html/rfc7231#section-5.3.2:

A request without any Accept header field implies that the user agent will accept any media type in response.

You should treat a non-existent Accept header as */*.

查看更多
来,给爷笑一个
3楼-- · 2020-02-09 07:22

From RFC2616 Sec4.2:

Each header field consists of a name followed by a colon (":") and the field value.

At first glance, this would seem to put messages that specify empty header values in the malformed, non-compliant category. However, the augmented BNF form outlined in RFC2616 Sec2.1 indicates that

"#element" allows any number, including zero

As this is the declaration used to specify Accept header values, it appears that empty values are valid.

Parsing empty headers and headers with nothing but whitespace can be problematic because of the following direction from the spec:

The field-content does not include any leading or trailing LWS: linear white space occurring before the first non-whitespace character of the field-value or after the last non-whitespace character of the field-value. Such leading or trailing LWS MAY be removed without changing the semantics of the field value. Any LWS that occurs between field-content MAY be replaced with a single SP before interpreting the field value or forwarding the message downstream.

IMHO, sending an empty header is completely pointless. It shouldn't be done, and parsers may not correctly parse these headers. Traditionally, people who want to circumvent such limitations when dealing with non-compliant components have specified "pseudo-empty" values like this:

X-MyCustomHeader: ""

If you simply want to validate that a header field was sent as some form of boolean switch, consider sending a placeholder value like the above instead of an empty value.


Update

I guess I wasn't very clear in directly answering the question: in the case of an empty Accept header you really have two options:

  • Send a 406 Not Acceptable response to inform the client that you don't offer any content types for an empty Accept value (duh).

This is justified, but not required by RFC2616 Sec14.1:

If an Accept header field is present, and if the server cannot send a response which is acceptable according to the combined Accept field value, then the server SHOULD send a 406 (not acceptable) response.

  • Or, because this is not required and it's highly unlikely the user doesn't accept any content-types (otherwise, why would they bother to send the request?) ... I would suggest treating an empty Accept: value (if message rejection isn't an option) the same as Accept: */*.
查看更多
登录 后发表回答