READ-ONLY: This project has been archived. For more information see this post.
Issue 62: only xrds returned from provider on client validate check
Status:  New
Owner:  ----


 
Reported by Jason.Me...@gmail.com, Aug 16, 2012
Looking at the typical harness for OpenID/Yadis, like the example here:
http://blog.paulisageek.com/2009/06/easy-openid-delegation-with-yadis.html

when using lightopenid you MUST add a secondary check to 
if (strpos($_SERVER['HTTP_ACCEPT'], "application/xrds+xml") !== FALSE) {
when using the current implementation of 
https://gitorious.org/lightopenid/lightopenid/blobs/master/openid.php

i.e. 
if (strpos($_SERVER['HTTP_ACCEPT'], "application/xrds+xml") !== FALSE && !isset($_REQUEST['openid_mode'])) {

The method "request_curl" adds 'Accept: application/xrds+xml, */*' regardless of the request method, while "request_streams" DOES NOT add the header when the method is POST.

"request_curl" should be corrected to
if($method != 'POST'){
  curl_setopt($curl, CURLOPT_HTTPHEADER, array('Accept: application/xrds+xml, */*'));
}
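
An added example, not part of the original report and not LightOpenID code: an endpoint-side check that serves XRDS only for discovery requests, so a verification POST carrying the same Accept header still reaches the normal handler. The helper names `wants_xrds` and `should_serve_xrds`, the `check_authentication` mode value and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example. wants_xrds() and should_serve_xrds() are hypothetical helpers.

// True when the Accept header lists application/xrds+xml with a non-zero q-value.
function wants_xrds(?string $accept): bool
{
    if ($accept === null) {
        return false; // header absent: avoids an undefined-index notice
    }
    foreach (explode(',', $accept) as $range) {
        $parts = array_map('trim', explode(';', $range));
        if (strcasecmp($parts[0], 'application/xrds+xml') !== 0) {
            continue;
        }
        foreach (array_slice($parts, 1) as $param) {
            if (preg_match('/^q\s*=\s*([0-9.]+)$/i', $param, $m) && (float) $m[1] == 0.0) {
                return false; // q=0 means the type is explicitly refused
            }
        }
        return true;
    }
    return false;
}

// Serve the XRDS document only for discovery, never for a request that carries
// openid.mode (PHP exposes that parameter as openid_mode).
function should_serve_xrds(array $server, array $request): bool
{
    return wants_xrds($server['HTTP_ACCEPT'] ?? null)
        && !isset($request['openid_mode']);
}

// Constructed sample requests: [server vars, request vars].
$cases = [
    'discovery GET'     => [['HTTP_ACCEPT' => 'application/xrds+xml, */*'], []],
    'verification POST' => [['HTTP_ACCEPT' => 'application/xrds+xml, */*'],
                            ['openid_mode' => 'check_authentication']],
    'browser GET'       => [['HTTP_ACCEPT' => 'text/html,*/*;q=0.8'], []],
    'no Accept header'  => [[], []],
];
foreach ($cases as $name => [$server, $request]) {
    $result = should_serve_xrds($server, $request) ? 'XRDS' : 'normal handling';
    printf("%-18s %s\n", $name, $result);
}
```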


