Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wrong mimetype check in openid.php ? #69

Open
GoogleCodeExporter opened this issue Jul 6, 2015 · 3 comments
Open

wrong mimetype check in openid.php ? #69

GoogleCodeExporter opened this issue Jul 6, 2015 · 3 comments
Labels
auto-migrated Priority-Medium Type-Defect

Comments

@GoogleCodeExporter
Copy link 

at line 430 in openid.php we have:

                if (isset($headers['content-type'])
                    && (strpos($headers['content-type'], 'application/xrds+xml') !== false
                        || strpos($headers['content-type'], 'text/xml') !== false)
                ) {
                    # Apparently, some providers return XRDS documents as text/html.
                    # While it is against the spec, allowing this here shouldn't break
                    # compatibility with anything.
                    # ---
                    # Found an XRDS document, now let's find the server, and optionally delegate.
                    $content = $this->request($url, 'GET');

I had exactly the problem, as stated in above comment, that when doing an HTTP 
HEAD request the 
returned mimetype 'text/html' however when doing an HTTP GET  request it 
returns an XRDS document with as mimetype 'application/xrds+xml'.  
However it appears for me that the comment only makes sense if you change in 
the if statement 'text/xml' to 'text/html'!
So I guess it is a type?  At least it solved my problem: allowing also 
'text/html' in the if statement so that it is going to
fetch and parse the XRDS document.

Thus I propose change line 432;
                        || strpos($headers['content-type'], 'text/xml') !== false)
into:
                        || strpos($headers['content-type'], 'text/html') !== false)

Best regards,
Harco Kuppens

Original issue reported on code.google.com by [email protected] on 18 Jun 2013 at 10:38
@GoogleCodeExporter
Copy link
Author 

I just spent a good while tracking down why openid->identity was always coming 
back with https://open.login.yahooapis.com/openid20/user_profile/xrds  for yahoo
long story short, the mentioned if statement was failing... and lightopenid 
incorrectly updated the value for identity/claimed_id

I'm guessing the if statement is meant to check for
'application/xrds+xml' || 'text/xml' || 'text/html'

Original comment by [email protected] on 31 Jan 2014 at 6:26

@GoogleCodeExporter
Copy link
Author 

rss feeds

Original comment by [email protected] on 1 Feb 2014 at 5:58

@GoogleCodeExporter
Copy link
Author 

If you include text/html providers like flicker, wordpress, blogger, etc, will 
only give you an endless redirection.

Original comment by [email protected] on 24 Feb 2014 at 12:17

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auto-migrated Priority-Medium Type-Defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GoogleCodeExporter