search

fritte02 / lightopenid

Automatically exported from code.google.com/p/lightopenid
0 stars 0 forks source link

wrong mimetype check in openid.php ? #69

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
at line 430 in openid.php we have:

                if (isset($headers['content-type'])
                    && (strpos($headers['content-type'], 'application/xrds+xml') !== false
                        || strpos($headers['content-type'], 'text/xml') !== false)
                ) {
                    # Apparently, some providers return XRDS documents as text/html.
                    # While it is against the spec, allowing this here shouldn't break
                    # compatibility with anything.
                    # ---
                    # Found an XRDS document, now let's find the server, and optionally delegate.
                    $content = $this->request($url, 'GET');

I had exactly the problem, as stated in above comment, that when doing an HTTP 
HEAD request the 
returned mimetype 'text/html' however when doing an HTTP GET  request it 
returns an XRDS document with as mimetype 'application/xrds+xml'.  
However it appears for me that the comment only makes sense if you change in 
the if statement 'text/xml' to 'text/html'!
So I guess it is a type?  At least it solved my problem: allowing also 
'text/html' in the if statement so that it is going to
fetch and parse the XRDS document.

Thus I propose change line 432;
                        || strpos($headers['content-type'], 'text/xml') !== false)
into:
                        || strpos($headers['content-type'], 'text/html') !== false)

Best regards,
Harco Kuppens

Original issue reported on code.google.com by H.Kupp...@gmail.com on 18 Jun 2013 at 10:38

GoogleCodeExporter commented 9 years ago 
I just spent a good while tracking down why openid->identity was always coming 
back with https://open.login.yahooapis.com/openid20/user_profile/xrds  for yahoo
long story short, the mentioned if statement was failing... and lightopenid 
incorrectly updated the value for identity/claimed_id

I'm guessing the if statement is meant to check for
'application/xrds+xml' || 'text/xml' || 'text/html'

Original comment by kent.b...@gmail.com on 31 Jan 2014 at 6:26

GoogleCodeExporter commented 9 years ago 
rss feeds

Original comment by er.re...@outlook.de on 1 Feb 2014 at 5:58

GoogleCodeExporter commented 9 years ago 
If you include text/html providers like flicker, wordpress, blogger, etc, will 
only give you an endless redirection.

Original comment by psykick....@gmail.com on 24 Feb 2014 at 12:17