[OpenID] Selectively Redirecting OpenID Traffic To HTTPS
Trevor Johns
trevor at tjohns.net
Fri Jan 11 14:18:13 UTC 2008
On Jan 11, 2008, at 4:40 AM, Eddy Nigg (StartCom Ltd.) wrote:
> This can be done from within the scripting pages (assuming PHP or
> similar) or with some redirect rule which depends on your server
> software somewhat. Which server software and scripting language are
> you using?

I'm using Apache. Right now it's just a plain HTML file so I'd prefer
a mod_rewrite rule, but I can replace it with a script if needed.

Like I said, generating a redirect isn't the problem, I'm just not
sure what logic is appropriate to use when deciding whether to
redirect or not. This is the request being generated by the php-openid
2.0 server library:

    GET / HTTP/1.0
    User-Agent: PHP Yadis Library Fetcher
    Host: hachiko.tjohns.net
    Port: 80
    Accept: application/xrds+xml

The user-agent isn't a reliable mechanism to use for this, and the
location being requested certainly isn't unique to OpenID clients,
which really only leaves the accept header. However, according to the
Yadis spec this isn't strictly required to be present.

I can't use an X-XRDS-Location header either, since that's only taken
into consideration after normalization completes.

--
Trevor Johns
http://tjohns.net
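
The Accept-header test discussed in the message above, written as a mod_rewrite rule. This is an added example, not part of the original post or of php-openid. It assumes mod_rewrite is enabled, that the block is placed in the port-80 virtual host for hachiko.tjohns.net, and that the identity URL is the site root, as in the request shown.

```apache
# Added example. Assumptions: port-80 <VirtualHost> context for
# hachiko.tjohns.net, identity URL is "/", mod_rewrite is loaded.
RewriteEngine On

# Act only on requests that arrived over plain HTTP.
RewriteCond %{HTTPS} !=on

# Act only when the client explicitly asks for an XRDS document.
# Browsers fetching the same URL do not send this media type, so they
# keep getting the HTML page over HTTP.
RewriteCond %{HTTP_ACCEPT} application/xrds\+xml [NC]

# Redirect the identity URL only. The target host is hard-coded rather
# than taken from the Host header, so a forged Host value cannot steer
# the redirect to another site.
RewriteRule ^/?$ https://hachiko.tjohns.net/ [R=302,L]

# The response for "/" now depends on the Accept header, so shared
# caches must key on it. "always" also covers the redirect response.
<IfModule mod_headers.c>
    Header always append Vary Accept
</IfModule>

# Limitation noted in the post: a Yadis client that omits the Accept
# header matches neither condition and is served the HTML page over HTTP.
```

The first request still travels over plain HTTP, so the redirect itself is not integrity-protected; only the follow-up HTTPS fetch is.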