Conversation

Notices

Embed this notice
Simon Willison (simon@fedi.simonwillison.net)'s status on Sunday, 22-Jan-2023 03:37:51 JST Simon Willison

Is anyone up for convincing me that the HTTP accept header is a good idea?
I understand the theory: every resource should have the same URI, and should be able to deliver to clients in the format that they indicate they can best handle - eg an image served as WEBP to supporting clients but falling back to JPEG
But we have 20+ years of real-world experience with it now, and I'm not at all convinced that those theoretical benefits outweigh the drawbacks: mainly its lack of discoverability

In conversation Sunday, 22-Jan-2023 03:37:51 JST from fedi.simonwillison.net permalink
- Embed this notice
  Evan Prodromou (evan@prodromou.pub)'s status on Sunday, 22-Jan-2023 03:37:48 JST Evan Prodromou
  in reply to
  
  @simon so, I can see it being useful when a resource can be retrieved with a explicit type, like
  GET /resource.json
  or
  GET /resource?format=json
  ...and when you instead do
  GET /resource
  ...it tries to guess the best format for you.
  But I agree that it's a little disconcerting when you test the API in a browser, and then shift to a standard library for a scripting language that has different header defaults.
  
  In conversation Sunday, 22-Jan-2023 03:37:48 JST permalink
- Embed this notice
  Simon Willison (simon@fedi.simonwillison.net)'s status on Sunday, 22-Jan-2023 03:37:50 JST Simon Willison
  in reply to
  
  I can't remember a time I've ever encountered an API that uses the accept header and thought "oh great, this is going to make my life easier, I'm glad they made that design decision"
  I usually think "oh wow, the accept header: that's going to make this less convenient to work with, and I'd better remember that this API uses that or I'll run into all kinds of surprises in the future"
  
  In conversation Sunday, 22-Jan-2023 03:37:50 JST permalink
- Embed this notice
  Evan Prodromou (evan@prodromou.pub)'s status on Sunday, 22-Jan-2023 04:02:34 JST Evan Prodromou
  in reply to
  
  @simon yeah, I guess I just have a hard time imagining cases where switching content types helps anyone.
  The case for image formats is better!
  
  In conversation Sunday, 22-Jan-2023 04:02:34 JST permalink
- Embed this notice
  Simon Willison (simon@fedi.simonwillison.net)'s status on Sunday, 22-Jan-2023 04:02:35 JST Simon Willison
  in reply to
  - Evan Prodromou
  @evan yeah that's the feature I've been considering adding to Datasette... but resisting, because I don't think it adds enough good things to the developer experience as opposed to making things more confusing
  
  In conversation Sunday, 22-Jan-2023 04:02:35 JST permalink
- Embed this notice
  daniel s. (selfagency@kibitz.cloud)'s status on Sunday, 22-Jan-2023 04:21:27 JST daniel s.
  in reply to
  - Evan Prodromou
  @evan @simon isn't the purpose, and i'm genuinely asking because i don't know whether it's actually implemented this way, to ensure that a malicious actor doesn't send, say, some kind of arbitrary bytes that when consumed make the consumer exploitable?
  
  In conversation Sunday, 22-Jan-2023 04:21:27 JST permalink
- Embed this notice
  Evan Prodromou (evan@prodromou.pub)'s status on Sunday, 22-Jan-2023 04:21:27 JST Evan Prodromou
  in reply to
  - daniel s.
  @selfagency @simon no.
  https://en.wikipedia.org/wiki/Content_negotiation?wprov=sfla1
  
  In conversation Sunday, 22-Jan-2023 04:21:27 JST permalink

Public

Notices

Feeds