Wrong MIME type with OpenID.pl

[GoogleCodeExporter]

Is this issue relating to writing a Relying Party, a Provider, or both?

Issue is related to OpenId.pl used to log in into stackoverflow.com

What steps will reproduce the problem?
(please include the actual Claimed Identifier or OpenID Url used to repro
the problem if possible)
1. Go to stackoverflow login page: http://stackoverflow.com/users/authenticate
2. Put there foo.openid.pl or whatever URL from openid.pl domain
3. Read beatiful message "That OpenID URL has an unknown or invalid MIME
content type"

What is the expected output?

Login page of OpenID.pl

What do you see instead?

Message: 
"That OpenID URL has an unknown or invalid MIME content type"

What version of the product are you using?  Official build?

Probably - it's used by stackoverflow site. 

Can this problem be reproduced using the included samples?
Yep. 

Problem described in detail on uservoice site used to fill bugs for
StackOverflow: 
http://stackoverflow.uservoice.com/pages/general/suggestions/127630-unable-to-lo
gin-with-openid-wrong-mime-type

StackOverflow developers asked for filling bug in here. 

GL with this one, 
Ursus 

Original issue reported on code.google.com by urs...@gmail.com on 14 Apr 2009 at 3:30

[GoogleCodeExporter]

Original comment by andrewar...@gmail.com on 14 Apr 2009 at 4:21

• Changed state: Started
• Added labels: Release-3.0, Type-Interop
• Removed labels: Type-Defect

[GoogleCodeExporter]

In fact openid.pl is returning faulty HTTP responses.  Here are the headers 
from one 
such response from openid.pl

Connection: Keep-Alive
Status: 200
Content-Length: 336
Cache-Control: no-cache
Content-Type: charset=utf-8
Date: Tue, 14 Apr 2009 16:21:45 GMT
Set-Cookie: _session_id=9ad2261e817be292b9a7f7d5537ea311; domain=.openid.pl; 
path=/
Server: Mongrel 1.0.1
Via: 1.1 RED-PRXY-29

Note that the Content-Type header has an invalid formed value.  See the 
following 
relevant sections of RFC 2616:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17
http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7

Specifically, Content-Type MUST always have a "type/subtype" value, with an 
optional 
";parameter" notation, where the parameter might be ";charset=utf-8".  So the 
HTTP 
header is malformed because it lacks the "type/subtype;" prefix.

DotNetOpenId is catching this and rejecting this.  A future version of this 
library 
MAY want to be more accommodating and just quietly ignore faulty HTTP headers, 
but 
the openid.pl host should be corrected.

Original comment by andrewar...@gmail.com on 14 Apr 2009 at 4:30

[GoogleCodeExporter]

I have emailed marcin.jagodzinski@gmail.com, who is listed at openid.pl as the 
contact for that site with the details of what they can do to fix this.

Original comment by andrewar...@gmail.com on 14 Apr 2009 at 4:41

[GoogleCodeExporter]

Thanks a lot for quick answer for this issue. 
I also e-mailed Marcin about this case, because some time ago he was looking at 
this
problem and these days it looked like problem was on the 
stackoverflow/dotnetopenid
side. 

Once again thanks a lot. 

Original comment by urs...@gmail.com on 14 Apr 2009 at 4:47

[GoogleCodeExporter]

You're welcome, and thanks for reporting it here.

I've modified the library to log an error but still allow OpenID logins to work 
when 
this occurs as well.  It should still certainly be fixed on the Provider-side, 
both 
because it's the right thing to do, and because plenty of existing RPs out 
there will 
have the same problem until this is fixed.  But future versions of DNOI/DNOA 
will be 
more tolerant of OPs with this problem.

v2.5 28cd7ff29ec
v3.0 5cf3a29accf

Original comment by andrewar...@gmail.com on 14 Apr 2009 at 5:20

• Changed state: Fixed
• Added labels: Release-2.5
• Removed labels: Release-3.0