Merge pull request #32 from fiatjaf/x-reason

X-Reason, a header for all user-facing error messages to go

buds/01.md

@@ -16,6 +16,10 @@ DELETE` headers.
 
 The header `Access-Control-Max-Age: 86400` MAY be set to cache the results of a preflight request for 24 hours.
 
+## Error responses
+
+Every time a server sends an error response (HTTP status codes >=400), it may include a human-readable header `X-Reason` that can be displayed to the user.
+
 ## Authorization events
 
 Authorization events are used to identify the users to the server
@@ -69,26 +73,6 @@ Authorization: Nostr eyJpZCI6IjhlY2JkY2RkNTMyOTIwMDEwNTUyNGExNDI4NzkxMzg4MWIzOWQ
 
 All endpoints MUST be served from the root path (eg. `https://cdn.example.com/upload`, etc). This allows clients to talk to servers interchangeably when uploading or retrieving blobs
 
-## Error Responses
-
-For HTTP `4xx` and `5xx` status codes servers MUST repond with `Content-Type: application/json` and a JSON object containing `message`
-
-The `message` field MUST be human readable and should explain the reason for the error. Optionally servers may include other fields for the client with more information about the error
-
-Example Error response:
-
-```
-HTTP/2 401
-content-type: application/json; charset=utf-8
-content-length: 32
-access-control-allow-origin: *
-access-control-expose-headers: *
-access-control-allow-headers: authorization,*
-access-control-allow-methods: get, put, delete
-
-{"message":"Missing Auth event"}
-```
-
 ## GET /sha256 - Get Blob
 
 The `GET /<sha256>` endpoint MUST return the contents of the blob with the `Content-Type` header set to the appropriate MIME type