While I was securing XData server with Sphinx authentication using XDataServerJWT.ExpectedIssuers list, I noticed that when you empty this list, but forget a blank line, the server becomes unreachable. The blank line in the list is interpreted as a server (which doesn't exist) and therefore denies access.
I understand.
But this is very sensitive configuration, it regards security. For example, if user does this from code:
ExpectedIssuers.Add('');
I personally think the validation should fail. So I think even though it might be hard to find, the empty string was included by you. So I prefer that the server rejects any request due to a misconfiguration, than making it less string and accepting such misconfiguration just for the sake of being more "friendly" to the developer. Again, just in this specific case, because it involved server security.