diff --git a/peps/pep-0807.rst b/peps/pep-0807.rst index 1e54e30241c..adff6c70f15 100644 --- a/peps/pep-0807.rst +++ b/peps/pep-0807.rst @@ -125,6 +125,11 @@ apply to all parts of this PEP's specification: Receiving servers **SHOULD** respond with a ``406 Not Acceptable`` status code if any other ``Accept`` header is present. +* Unless otherwise specified, all error (4xx and 5xx) responses from the server + **MUST** use the :rfc:`9457` (Problem Details for HTTP APIs) format. + In particular, the server **MUST** use the "Problem Details JSON Object" + defined in :rfc:`Section 3 <9457#section-3>` and **SHOULD** use + the ``application/problem+json`` media type in its responses. Trusted Publishing Discovery ---------------------------- @@ -189,16 +194,10 @@ The discovery mechanism is as follows: If the server does not support Trusted Publishing for the given upload URL, it **MUST** respond with a ``404 Not Found`` status code. -When responding with a ``404 Not Found``, the server **SHOULD NOT** -include a response body. If a response body is included, it **MUST** -be ignored by the client. Servers **MAY** additionally respond with any other standard HTTP -error code in the 400 or 500 range to indicate an error condition. - -Non-``200 OK``, non-``404 Not Found`` responses **MAY** include a body which, -if present, **MUST** be a JSON object containing an -`Error Response `__. +error code in the 400 or 500 range to indicate an appropriate error +condition. Trusted Publishing Token Exchange --------------------------------- 
@@ -233,11 +232,8 @@ containing a JSON object with the following field: - ``audience``: a string containing the expected OIDC audience. -On failure, the server **MUST** respond with any standard HTTP -error code in the 400 or 500 range to indicate an error condition. -Failure responses **MAY** include a body which, if present, -**MUST** be a JSON object containing an -`Error Response `__. +On failure, the server **MUST** respond with a standard HTTP +error code in the 400 or 500 range to indicate the appropriate error condition. Token Minting ~~~~~~~~~~~~~ @@ -277,29 +273,7 @@ containing a JSON object with the following fields: above) to determine when to refresh the upload credential, if needed. On failure, the server **MUST** respond with any standard HTTP -error code in the 400 or 500 range to indicate an error condition. -Failure responses **MUST** include a body which, if present, -**MUST** be a JSON object containing an `Error Response `__. - -Error Responses ---------------- - -When an error response body is included, it **MUST** be a JSON object -containing the following fields: - -- ``message``: a string containing a short, high-level - human-readable summary of the error. - -- ``errors``: an array of one or more objects, each containing - the following fields: - - - ``code``: a string containing a machine-readable error code. - - ``description``: a string containing a human-readable - description of the error. - -This PEP does not specify any particular error codes. Clients **SHOULD NOT** -assume that error codes are consistent across different indices, and instead -**MUST** treat error codes as opaque strings. +error code in the 400 or 500 range to indicate the appropriate error condition. Security Implications ===================== @@ -417,7 +391,7 @@ Footnotes .. [#fn-hash] - The discovery key may be computed thus: + The discovery key may be computed thusly: .. code-block:: pycon
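Review bot: in the new bullet of the ``@@ -125,6 +125,11 @@`` hunk, a MUST for the :rfc:`9457` format paired with only a SHOULD for the ``application/problem+json`` media type leaves the content-negotiation rule just above it unresolved: that rule has servers answer ``406 Not Acceptable`` when any other ``Accept`` header is present, so a client that sends exactly the expected ``Accept`` value cannot tell whether an error body labelled ``application/problem+json`` is conformant. Suggest either making the media type a MUST or adding that clients MUST accept ``application/problem+json`` on 4xx/5xx responses regardless of their ``Accept`` header. It would also help to say which Problem Details members (``type``, ``title``, ``status``, ``detail``) a server is expected to populate, since :rfc:`9457` makes every member optional.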
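Review bot: the ``@@ -189,16 +194,10 @@`` hunk deletes "When responding with a ``404 Not Found``, the server **SHOULD NOT** include a response body. If a response body is included, it **MUST** be ignored by the client" without saying what replaces it, which silently turns the discovery ``404`` from a bodyless response into one that, under the new general rule, MUST carry a Problem Details object. If that is intended, state it here ("the ``404`` response body, if any, uses the error format above"); if the discovery ``404`` is meant to stay an "unless otherwise specified" exception, keep the exemption. Minor: "to indicate an appropriate error condition" here versus "to indicate the appropriate error condition" in the later hunks; pick one wording.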
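Review bot: in the ``@@ -233,11 +232,8 @@`` hunk, once the body requirements are removed the only statement about a failure body for the token exchange is the general RFC 9457 bullet far above it; a short cross-reference ("with a body as described under the general requirements") would keep this section self-contained for readers who jump straight to the exchange flow.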
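Review bot: the ``@@ -277,29 +273,7 @@`` hunk deletes the whole "Error Responses" section and with it the only client-side guidance on error codes ("Clients **SHOULD NOT** assume that error codes are consistent across different indices, and instead **MUST** treat error codes as opaque strings"); nothing in the new RFC 9457 bullet restores it. Problem Details carries its machine-readable identifier in the ``type`` URI, so suggest restating the guidance in those terms, e.g. that this PEP defines no ``type`` URIs and clients MUST NOT depend on index-specific ``type`` values. Also confirm nothing outside these hunks still links to the removed ``Error Response`` target; the three inline links removed in this patch are the only ones visible here.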
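Review bot: in the ``@@ -417,7 +391,7 @@`` hunk, "thusly" is a non-standard form of "thus" that style guides treat as jocular; the original "may be computed thus:" is correct, and "may be computed as follows:" is the clearer alternative if "thus" reads awkwardly. Suggest reverting this line or using "as follows".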