My favorites | Sign in
Project Home Downloads Wiki Issues Source
READ-ONLY: This project has been archived. For more information see this post.
Search
for
  Advanced search   Search tips   Subscriptions
Issue 69: wrong mimetype check in openid.php ?
1 person starred this issue and may be notified of changes. Back to list
Status:  New
Owner:  ----


 
Reported by H.Kupp...@gmail.com, Jun 18, 2013
at line 430 in openid.php we have:

                if (isset($headers['content-type'])
                    && (strpos($headers['content-type'], 'application/xrds+xml') !== false
                        || strpos($headers['content-type'], 'text/xml') !== false)
                ) {
                    # Apparently, some providers return XRDS documents as text/html.
                    # While it is against the spec, allowing this here shouldn't break
                    # compatibility with anything.
                    # ---
                    # Found an XRDS document, now let's find the server, and optionally delegate.
                    $content = $this->request($url, 'GET');

I had exactly the problem, as stated in above comment, that when doing an HTTP HEAD request the 
returned mimetype 'text/html' however when doing an HTTP GET  request it returns an XRDS document with as mimetype 'application/xrds+xml'.  
However it appears for me that the comment only makes sense if you change in the if statement 'text/xml' to 'text/html'!
So I guess it is a type?  At least it solved my problem: allowing also 'text/html' in the if statement so that it is going to
fetch and parse the XRDS document.

Thus I propose change line 432;
                        || strpos($headers['content-type'], 'text/xml') !== false)
into:
                        || strpos($headers['content-type'], 'text/html') !== false)

Best regards,
Harco Kuppens
Jan 30, 2014
#1 kent.b...@gmail.com
I just spent a good while tracking down why openid->identity was always coming back with https://open.login.yahooapis.com/openid20/user_profile/xrds  for yahoo
long story short, the mentioned if statement was failing... and lightopenid incorrectly updated the value for identity/claimed_id

I'm guessing the if statement is meant to check for
'application/xrds+xml' || 'text/xml' || 'text/html'
Feb 1, 2014
#2 er.re...@outlook.de
rss feeds
Feb 24, 2014
#3 psykick....@gmail.com
If you include text/html providers like flicker, wordpress, blogger, etc, will only give you an endless redirection.

Powered by Google Project Hosting