Encoding of the received files and/or body data was failing in case of raw
binary data being POSTed/PUT/etc. (The exact trigger was actually a non-UTF-8
data stream, since Flask's `jsonify`, i.e. `simplejson.dumps` assumes UTF-8.)
Binary data in a JSON response are now encoded as "data" URLs, according to
RFC 2397. "Data" URL scheme was chosen for its simplicity and clarity. MIME
type is included. Plain text is passed thru unmodified, as before.
Also, tests demonstrating the bug/fix added to `test_httpbin.py`.
10.4.2 401 Unauthorized
The request requires user authentication. The response MUST include a
WWW-Authenticate header field (section 14.47) containing a challenge applicable
to the requested resource. The client MAY repeat the request with a suitable
Authorization header field (section 14.8). If the request already included
Authorization credentials, then the 401 response indicates that authorization
has been refused for those credentials. If the 401 response contains the same
challenge as the prior response, and the user agent has already attempted
authentication at least once, then the user SHOULD be presented the entity that
was given in the response, since that entity might include relevant diagnostic
information. HTTP access authentication is explained in "HTTP Authentication:
Basic and Digest Access Authentication" [43].
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it. Authorization
will not help and the request SHOULD NOT be repeated. If the request method was
not HEAD and the server wishes to make public why the request has not been
fulfilled, it SHOULD describe the reason for the refusal in the entity. If the
server does not wish to make this information available to the client, the
status code 404 (Not Found) can be used instead.
Kenneth Reitz