Looking at this again, I'm not sure what a good spot for a general note would be.

If you ok it I'd prepare a pull request adding the header to the examples?

At the very least adding the Accept header to the examples is a good place to start, go for it!

I'm inclined to not add text to the spec that requires or suggests sending the Accept header. Looking back at OAuth 2.0, it doesn't even include the Accept header in the examples, although that spec has always required a JSON response.

Now that it's been a year since this issue was opened, are there many servers left that are still sending form-encoded responses?

Now that it's been a year since this issue was opened, are there many servers left that are still sending form-encoded responses?

indieauth.com does :)

I would rather get all clients and servers to update to drop form-encoded responses completely at this point.

I just had a check and selfauth defaults to JSON unless it receives other Accept headers, however there is an issue to change the default. Apparently it was (is?) an issue for Telegraph to default to JSON.

All HTTP examples in the current version of the spec include Accept headers in the requests, and Content-Type headers in the responses. Are there any actionables left for this issue or can it be closed?

While the examples all refer to the Accept: header, that was the case already - I opened this issue because the spec itself doesn't actually indicate whether the header is required, or what the default response should be if it's left off (if defined).

I see what you mean now, @fluffy-critter. Thanks for elaborating!

I have filed a PR to mention the Accept headers outside of the (often taken as non-normative) example blocks.