# HG changeset patch
# User Kim Alvefur
# Date 1679434187 -3600
# Node ID 60e0bc35de33a104e7627ddcef0cefe2083e6d50
# Parent 5943605201ca55835e1ca4b3a014740f168bbe2d
mod_http_oauth2: Relax payload content type checking in revocation The code expected Content-Type: application/x-www-form-urlencoded HTTPie sent Content-Type: application/x-www-form-urlencoded; charset=utf-8 It did not work
diff -r 5943605201ca -r 60e0bc35de33 mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua Tue Mar 21 22:23:28 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua Tue Mar 21 22:29:47 2023 +0100
@@ -548,10 +548,6 @@
 local function handle_revocation_request(event)
 local request, response = event.request, event.response;
- if request.headers.content_type ~= "application/x-www-form-urlencoded"
- or not request.body or request.body == "" then
- return 400;
- end
 if request.headers.authorization then
 local credentials = get_request_credentials(request);
 if not credentials or credentials.type ~= "basic" then
@@ -564,9 +560,10 @@
 end
 end
- local form_data = http.formdecode(event.request.body);
+ local form_data = http.formdecode(event.request.body or "");
 if not form_data or not form_data.token then
- return 400;
+ response.headers.accept = "application/x-www-form-urlencoded";
+ return 415;
 end
 local ok, err = tokens.revoke_token(form_data.token);
 if not ok then
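Review bot: In the second hunk the 415 branch now fires on every failure of `not form_data or not form_data.token`, so a well-formed urlencoded body that merely omits `token` is reported as an unsupported media type, while a body of any other declared type that happens to decode with a `token` field is accepted now that the first hunk drops the Content-Type comparison entirely. Comparing the media type without its parameters keeps the two cases apart: `local ctype = (request.headers.content_type or ""):match("^%s*([^;%s]*)"):lower();` followed by `if ctype ~= "application/x-www-form-urlencoded" then response.headers.accept = "application/x-www-form-urlencoded"; return 415; end`, with the missing-token case left at `return 400;`. From the visible lines the credential check appears to run only when an Authorization header is present, so this parser looks reachable without authentication and is worth keeping strict about what it accepts. handle_revocation_request starts in the first hunk and continues past the end of this one.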