RIPAGlobal · pond · Nov 15, 2023 · Nov 15, 2023 · Nov 15, 2023 · Nov 15, 2023
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,8 @@
+# 2.6.1 (2023-11-15)
+
+* Always returns a `Content-Type` header with value `application/scim+json; charset=utf-8` in any response, since that's the only format the gem can write. Fixes [#59](https://github.com/RIPAGlobal/scimitar/issues/59).
+* Uses the more common header name form of `WWW-Authenticate` rather than the Rack-like `WWW_AUTHENTICATE` in responses.
+
 # 2.6.0 (2023-11-14)
 
 Features:

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -9,7 +9,7 @@ GIT
 PATH
   remote: .
   specs:
-    scimitar (2.6.0)
+    scimitar (2.6.1)
       rails (~> 7.0)
 
 GEM

diff --git a/app/controllers/scimitar/application_controller.rb b/app/controllers/scimitar/application_controller.rb
@@ -124,8 +124,13 @@ def add_mandatory_response_headers
         #
         # https://stackoverflow.com/questions/10239970/what-is-the-delimiter-for-www-authenticate-for-multiple-schemes
         #
-        response.set_header('WWW_AUTHENTICATE', 'Basic' ) if Scimitar.engine_configuration.basic_authenticator.present?
-        response.set_header('WWW_AUTHENTICATE', 'Bearer') if Scimitar.engine_configuration.token_authenticator.present?
+        response.set_header('WWW-Authenticate', 'Basic' ) if Scimitar.engine_configuration.basic_authenticator.present?
+        response.set_header('WWW-Authenticate', 'Bearer') if Scimitar.engine_configuration.token_authenticator.present?
+
+        # No matter what a caller might request via headers, the only content
+        # type we can ever respond with is JSON-for-SCIM.
+        #
+        response.set_header('Content-Type', "#{Mime::Type.lookup_by_extension(:scim)}; charset=utf-8")
       end
 
       def authenticate

diff --git a/lib/scimitar/version.rb b/lib/scimitar/version.rb
@@ -3,11 +3,11 @@ module Scimitar
   # Gem version. If this changes, be sure to re-run "bundle install" or
   # "bundle update".
   #
-  VERSION = '2.6.0'
+  VERSION = '2.6.1'
 
   # Date for VERSION. If this changes, be sure to re-run "bundle install"
   # or "bundle update".
   #
-  DATE = '2023-11-14'
+  DATE = '2023-11-15'
 
 end
diff --git a/spec/controllers/scimitar/application_controller_spec.rb b/spec/controllers/scimitar/application_controller_spec.rb
@@ -24,7 +24,7 @@ def index
       get :index, params: { format: :scim }
       expect(response).to be_ok
       expect(JSON.parse(response.body)).to eql({ 'message' => 'cool, cool!' })
-      expect(response.headers['WWW_AUTHENTICATE']).to eql('Basic')
+      expect(response.headers['WWW-Authenticate']).to eql('Basic')
     end
 
     it 'renders failure with bad password' do
@@ -84,7 +84,7 @@ def index
       get :index, params: { format: :scim }
       expect(response).to be_ok
       expect(JSON.parse(response.body)).to eql({ 'message' => 'cool, cool!' })
-      expect(response.headers['WWW_AUTHENTICATE']).to eql('Bearer')
+      expect(response.headers['WWW-Authenticate']).to eql('Bearer')
     end
 
     it 'renders failure with bad token' do