lfs-test-server tricks client into violation of LFS spec

[slonopotamus]

https://github.com/git-lfs/lfs-test-server/blob/master/server.go#L554

Server tells client to use Accept: application/vnd.git-lfs header when accessing various links, including /verify. However, LFS specification clearly states that client sends Accept: application/vnd.git-lfs+json when accessing verification link.

Current behavior turns our to work with native git-lfs implementation, but not with other clients (git-lfs-java, for example) and overall is very fragile and depends on the order in which client builds its HTTP headers list.

[slonopotamus]

Same issue in gitea (because their code is based on lfs-test-server): go-gitea/gitea#6960

[slonopotamus]

Also see git-lfs/git-lfs#3662.

[slonopotamus]

See go-gitea/gitea#7015 for a way to fix server while preserving compatibility with git-lfs versions that do not have git-lfs/git-lfs#3662 fixed.

[bk2204]

Yeah, I think this definitely should be fixed. I have a fix and am in the middle of writing some tests for this.

[slonopotamus]

Feel free to @ me when you publish your changes.

[bk2204]

Actually, I just realized that I can't write a test for this because that code path requires tusd, which we can't require in the testsuite.