Open GoogleCodeExporter opened 9 years ago
It isn't improper in my opinion. In such case, there's no way to properly guess
returnUrl, so the user must do so himself.
Or do you have any idea how to do it properly?
Original comment by mewp...@gmail.com
on 21 Jul 2011 at 4:03
Maybe it would be better to check if realm contains wildcard and fallback to
$_SERVER['HTTP_HOST'] if it does?
In my case the real issue is not '$this->returnUrl' but failed validation. I
think it would be ok to check in validate() if returnUrl/realm contains
wildcard and if it does check if returnUrl (stripped of wildcard) is suffix of
$this->data['openid_return_to'].
Another solution would be to throw exception if realm contains wildcard and
returnUrl is not set explicitly by user. In this case user of LightOpenID
object would be at least aware that it's necessary to set returnUrl properly
(I've spent hour tracking cause of failed validation ;))
Original comment by MKlepacz...@gmail.com
on 21 Jul 2011 at 6:33
Created a merge request to fix this issue:
https://gitorious.org/lightopenid/lightopenid/merge_requests/13
Original comment by woody.gilk
on 2 Dec 2011 at 9:28
Original issue reported on code.google.com by
MKlepacz...@gmail.com
on 21 Jul 2011 at 12:37