READ-ONLY: This project has been archived. For more information see this post.
Issue 14: Providers with not valid content-type
Status:  Fixed
Owner:  ----
Closed:  Nov 2010


 
Reported by juzna.cz, Nov 2, 2010
The consumer in this library is not working with the biggest Czech OpenID provider, because it sends content-type 'text/xml' instead of 'application/xrds+xml'.

I propose this simple patch, which makes it work.
Attachment: 0001-allowed-more-types-of-yadis-xml-file.patch (1.5 KB)
Nov 2, 2010
Project Member #1 mewp...@gmail.com
The OP you've mentioned violates the Yadis protocol[1]. It should be fixed on their side, not in LightOpenID.

It would be a problem to make that change in LightOpenID, because websites can also have "text/xml" MIME type[2], and may contain discovery data inside meta-tags. While it is rarely used, it's possible, and contrary to what the OP does, valid.

Another question is, does it work with other consumers? Which ones? And what's the URL of the provider anyway?

[1]: http://yadis.org/wiki/Yadis_1.0_%28HTML%29#6.2.5_Response
[2]: http://www.w3.org/TR/2002/NOTE-xhtml-media-types-20020801/#text-xml
Nov 11, 2010
#2 juzna.cz
It took me some time to study related specifications...

Yes, according to the specification you're right. That provider is seznam.cz and I'll try to contact them, but I'm not sure if they would care.

The interesting thing is that other consumers work with that OP. I tried e.g. 'Simple OpenID PHP Class'[1], and random websites that use OpenID also work [2] (and don't care about the MIME type at all -- tested also with MIME type text/plain [3]). I think that's because many people can't set the proper MIME type and just upload their Yadis file to a web server [3].

For that reason I'm attaching another patch:
 - added attribute $strict = false
 - when $strict==false (default), it tries to guess whether it's XRDS
With this patch it will work with most providers and also personal OpenIDs (like juzna.cz); those who want to be strict can change the strict attribute to true.
(Perhaps you can set strict to true by default.)


[1]: http://www.phpclasses.org/package/3290-PHP-Authenticate-users-with-OpenID-single-sign-on.html
[2]: https://www.myopenid.com/directory
[3]: http://juzna.cz/yadis

Attachment: 0001-allowed-more-types-of-yadis-xml-file.patch (2.6 KB)
Nov 12, 2010
#3 juzna.cz
I've rebased my patch on top of origin/master, so that you can apply it cleanly.
Attachment: 0001-allowed-more-types-of-yadis-xml-file.patch (2.6 KB)
Nov 12, 2010
Project Member #4 mewp...@gmail.com
Making a compatibility switch is a dirty hack that should be avoided (since it leads only to more bugs, and incompatibility between instances of the same library).

I think that after all, I'll remove the check for application/xrds+xml, and instead get the content as soon as there's no x-xrds-location header. Only XRDS documents should contain service elements, so it probably won't break anything.

I'll commit the patch later, when I've thought about it some more.
Anyway, thanks for your interest.
Status: Started
Nov 22, 2010
Project Member #5 mewp...@gmail.com
I've decided to allow text/xml content-type. The discovery of seznam.cz now works.
Status: Fixed
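
The thread turns on how a consumer should treat a discovery response whose Content-Type is 'text/xml' (or otherwise wrong), since that type can carry either an XRDS document or an XHTML page with meta tags. One way to decide by inspecting the document element instead of trusting the header, as an added PHP example that is not LightOpenID's code or the fix committed for this issue; `rootElement`, `classifyYadisResponse` and the return labels are hypothetical names, and the sample bodies are constructed:

```php
<?php
// Added example, not LightOpenID code; function names and return labels are hypothetical.
const XRDS_NS = 'xri://$xrds';

// Namespace and local name of the document element, or null when the body
// is not XML up to that point or declares a DOCTYPE.
function rootElement(string $body): ?array
{
    $prev = libxml_use_internal_errors(true);   // keep parse warnings out of the output
    $reader = new XMLReader();
    $root = null;
    if ($body !== '' && $reader->XML($body, null, LIBXML_NONET)) {
        while (@$reader->read()) {
            if ($reader->nodeType === XMLReader::DOC_TYPE) {
                break; // XRDS needs no DTD, so a body declaring one is not accepted as XRDS
            }
            if ($reader->nodeType === XMLReader::ELEMENT) {
                $root = [$reader->namespaceURI, $reader->localName];
                break;
            }
        }
        $reader->close();
    }
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    return $root;
}

function classifyYadisResponse(array $headers, string $body): string
{
    $h = array_change_key_case($headers, CASE_LOWER);
    if (!empty($h['x-xrds-location'])) {
        return 'follow-header';                 // the header names the XRDS document
    }
    $type = strtolower(trim(explode(';', $h['content-type'] ?? '')[0]));
    if ($type === 'application/xrds+xml') {
        return 'xrds';                          // correctly labelled
    }
    if (rootElement($body) === [XRDS_NS, 'XRDS']) {
        return 'xrds';                          // mislabelled (text/xml, text/plain, ...)
    }
    return 'html-meta-scan';                    // treat as (X)HTML and look for meta tags
}

// Constructed samples: both served as text/xml, only the first is XRDS.
$xrds  = '<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"><XRD/></xrds:XRDS>';
$xhtml = '<html xmlns="http://www.w3.org/1999/xhtml"><head/></html>';
echo classifyYadisResponse(['Content-Type' => 'text/xml'], $xrds), "\n";
echo classifyYadisResponse(['Content-Type' => 'text/xml'], $xhtml), "\n";
```

Checking the namespace-qualified root element keeps an XHTML page that merely mentions XRDS from being parsed as a service document, and `LIBXML_NONET` stops the parser from fetching anything the remote body references.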
