Canonicizes identity URLs to make the netloc case-insensitive and path non-empty.
Supports rel="canonical" on TicketAuth grant requests. Fixes #486
Detailed description
The users http://example.com, http://Example.com, and http://example.com/ should all be equivalent.
Also, since TicketAuth has no mechanism for the endpoint to provide its own canonical identity, the only way for TicketAuth to prove ownership of a canonical URL is for the profile to provide rel="canonical" and for the ticket granter to forward its request to that canonical URL. So this change will forward a TicketAuth grant request if rel="canonical" is provided, with no trust given to the forwarding page (to avoid the situation where for example https://alice.example provides a TicketAuth endpoint and also a rel="canonical" of https://bob.example).
…uth requests
Summary
Canonicizes identity URLs to make the netloc case-insensitive and path non-empty.
Supports
rel="canonical"
on TicketAuth grant requests. Fixes #486Detailed description
The users
http://example.com
,http://Example.com
, andhttp://example.com/
should all be equivalent.Also, since TicketAuth has no mechanism for the endpoint to provide its own canonical identity, the only way for TicketAuth to prove ownership of a canonical URL is for the profile to provide
rel="canonical"
and for the ticket granter to forward its request to that canonical URL. So this change will forward a TicketAuth grant request ifrel="canonical"
is provided, with no trust given to the forwarding page (to avoid the situation where for examplehttps://alice.example
provides a TicketAuth endpoint and also arel="canonical"
ofhttps://bob.example
).Developer/user impact
Test plan
Added appropriate unit tests.
Got a site to show off?