- changed status to open
5.1.2.2 External attachments: Require Content-Type header in the HTTP response
This is a suggestion to put it down in text that the endpoint must indicate the content type of the document. It may be obvious but better be explicit.
url
: REQUIRED. OAuth 2.0 resource endpoint from which the document can be retrieved. Providers MUST protect this endpoint. The endpoint URL MUST return the document whose cryptographic hash matches the value given in thedigest
element.
This is a suggestion for a sentence at the end of the paragraph, borrowing text from the embedded attachment section:
“The content (MIME) type of the document MUST be indicated in a Content-Type HTTP response header. See [RFC6838]. Multipart or message media types are not allowed.“
Comments (4)
-
-
This makes sense, to give an indication to the RP as to how to handle the document. Typical values would be:
application/pdf
image/tiffetc. The authoritative list is held by IANA: https://www.iana.org/assignments/media-types/media-types.xhtml
-
esolved by PR #107
-
- changed status to resolved
resolved by PR #107
- Log in to comment