Header parameters: "Accept" and "Content-type" in a REST context

I understand that the Accept parameter defines a data type expected in a client response sent from the server, so it's used as a response header.

My question is regarding Content-type: it's used by a client to define the body format of a request sent. I always used it as part of a client request, so I have a client request where I set the headers with Accept and Content-type. Recently, I came across a project where the Content-type is defined in the response headers (so sent by the server). So my question is: does Content-type need to be set as part of the client request header, as part of the server response header, or can it be set on both?

The difference can be found in the specifications, in this case RFC 7231:

5.3.2. Accept

The "Accept" header field can be used by user agents to specify response media types that are acceptable.


3.1.1.5. Content-Type

The "Content-Type" header field indicates the media type of the associated representation

The Accept header always indicates what kind of response from the server a client can accept. Content-type is about the content of the current request or response, depending on which kind of HTTP message it is applied to.

So if a request has no payload, you don't have to send a content-type request header, and the same goes for your response: no body, no header necessary.

Some servers may require you to provide a content-type in a request even if the request has no payload; the server should return a 415 Unsupported Media Type response if you omit it.

Accept header is used by HTTP clients to tell the server which type of content they expect/prefer as response. Content-type can be used both by clients and servers to identify the format of the data in their request (client) or response (server) and, therefore, help the other part interpret correctly the information.

TL;DR

The entity header Content-Type is used to indicate the media type of the resource. In responses, a Content-Type header tells the client what the content type of the returned content actually is. In requests, such as POST or PUT, the client tells the server what type of data is actually sent.

Elaborated Answer

As you correctly note, the Accept header is used by HTTP clients to tell the server what response media types are acceptable. The server, in its turn, will then send back a response, which will include the Content-Type header telling the client what media type is actually returned.

Now, the Content-Type header could be on requests and responses as well. Why? Well, think about POST or PUT requests. With those request types, the client is actually sending a bunch of data to the server as part of the request, and the Content-Type header tells the server what the data actually is and thus determines how the server will parse it.

Content negotiation is the mechanism that is used for serving different representations of a resource at the same URI.

Accept is a Client Request-header field that can be used to specify certain media types which are acceptable for the response.

Content-Type is an entity-header field that indicates the media type of the entity-body sent to the recipient.

HTTP header fields provide required information about the request or response, or about the object sent in the message body. There are four types of HTTP message headers:

  • General-header: These header fields have general applicability for both request and response messages.
  • Client Request-header: These header fields have applicability only for request messages.
  • Server Response-header: These header fields have applicability only for response messages.
  • Entity-header: These header fields define meta information about the entity-body or, if no body is present, about the resource identified by the request.

Source:
https://www.w3.org/Protocols/HTTP/HTRQ_Headers.html
https://www.w3.org/Protocols/HTTP/Object_Headers.html

I think this is explained very clearly in MDN.

Accept

The Accept request HTTP header advertises which content types, expressed as MIME types, the client is able to understand. Using content negotiation, the server then selects one of the proposals, uses it and informs the client of its choice with the Content-Type response header. Browsers set adequate values for this header depending on the context where the request is done: when fetching a CSS stylesheet a different value is set for the request than when fetching an image, video or a script.

Content-Type

The Content-Type representation header is used to indicate the original media type of the resource (prior to any content encoding applied for sending).

In responses, a Content-Type header tells the client what the content type of the returned content actually is. Browsers will do MIME sniffing in some cases and will not necessarily follow the value of this header; to prevent this behavior, the header X-Content-Type-Options can be set to nosniff.

In requests, (such as POST or PUT), the client tells the server what type of data is actually sent.
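The behaviour the answers above describe, as an added example that is not part of any answer on this page: a toy request handler that validates the request Content-Type (415), negotiates the response type from Accept (406 when nothing matches), and labels its response with Content-Type plus X-Content-Type-Options: nosniff. The function names and the SUPPORTED list are assumptions, and the negotiation is simplified to ordering by q-value only.

```python
import json

SUPPORTED = ("application/json", "text/plain")  # assumed: types this toy server can produce

def parse_accept(value):
    """Return [(media_range, q)] ordered by q-value; q defaults to 1.0."""
    ranges = []
    for item in value.split(","):
        parts = [p.strip() for p in item.split(";")]
        if not parts[0]:
            continue
        q = 1.0
        for p in parts[1:]:
            if p.lower().startswith("q="):
                try:
                    q = float(p[2:])
                except ValueError:
                    q = 0.0  # malformed weight: treat the range as not acceptable
        ranges.append((parts[0].lower(), q))
    return sorted(ranges, key=lambda r: -r[1])  # stable: ties keep header order

def negotiate(accept):
    """Pick the first supported type matching the client's Accept ranges, or None."""
    for media_range, q in parse_accept(accept or "*/*"):  # no Accept means anything goes
        if q <= 0:
            continue
        for candidate in SUPPORTED:
            if media_range in ("*/*", candidate, candidate.split("/")[0] + "/*"):
                return candidate
    return None

def handle(headers, body=b""):
    """Return (status, response_headers, response_body) for one request."""
    headers = {k.lower(): v for k, v in headers.items()}
    data = {}
    if body:  # request Content-Type describes the request payload
        ctype = headers.get("content-type", "").split(";")[0].strip().lower()
        if ctype != "application/json":
            return 415, {}, b""  # never guess the format of an unlabelled body
        try:
            data = json.loads(body)
        except ValueError:
            return 400, {}, b""
    chosen = negotiate(headers.get("accept"))
    if chosen is None:
        return 406, {}, b""
    text = json.dumps(data) if chosen == "application/json" else str(data)
    # response Content-Type describes the response payload; nosniff stops MIME sniffing
    return 200, {"Content-Type": chosen, "X-Content-Type-Options": "nosniff"}, text.encode()
```

Rejecting a body whose Content-Type is missing or unexpected keeps the server from parsing attacker-chosen formats, and nosniff keeps the browser from reinterpreting the response as a different type than the one declared.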