As implemented, the verification response handler uses content-type of application/x-www-form-urlencoded if there's no Accept: header provided (or the Accept: header doesn't specify a supported content-type); however the IndieAuth spec only states that the verification response should be a JSON object. So it seems that the default content-type in the response should be application/json.
As implemented, the verification response handler uses content-type of
application/x-www-form-urlencodedif there's noAccept:header provided (or theAccept:header doesn't specify a supported content-type); however the IndieAuth spec only states that the verification response should be a JSON object. So it seems that the default content-type in the response should beapplication/json.