[OpenID] Calling OpenID 2.0 editors (was RE: Problems with OpenID and TAG httpRange-14)

Noah Slater nslater at bytesexual.org
Thu Mar 6 19:44:38 UTC 2008


On Thu, Mar 06, 2008 at 09:15:17PM +0200, Eddy Nigg (StartCom Ltd.) wrote:
>> But given that the claimed_id now will be the result of following
>> redirects, it would be my assertion that if the claimed_id has been
>> obtained by following 302/303/307 redirects that it is quite possibly
>> not actually the user's intended OpenID.
>>
> Why this assumption?

It's not an assumption, it's bordering on the absurd that I have to requote:

RFC 2616 § 10.3.4:

  The new uri is not a substitute reference for the originally requested resource.

> You could for example submit example.com as your
> ID, which would be naturalized to http://example.com/ which in turn
> would be redirected to https://example.com which would return the
> claimed ID https://john.example.com/

In this specific case, normalising to http://example.com/ is fine but if this
produces a chain of 302/303/307 redirects to http://john.example.com/ the HTTP
RFC explicitly states that http://example.com/ is the correct URI.

--
Noah Slater <http://bytesexual.org/>
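
Added example, not part of the original message: a sketch of how a relying party could compare the URL a redirect chain ends at with the URI that RFC 2616 leaves as the reference for the resource, and record the 302/303/307 hops that separate them. The function name, the recorded-chain format and the status codes in the sample chains are assumptions made for illustration.

```python
from urllib.parse import urlsplit

TEMPORARY = {302, 303, 307}  # RFC 2616: keep using the original Request-URI
PERMANENT = {301}            # RFC 2616: future references use the new URI


def resolve(start, hops):
    """Walk a recorded redirect chain of (status, location) pairs.

    Returns the URL the chain ended at, the URI that RFC 2616 leaves as
    the reference for the resource, and the temporary hops that separate them.
    """
    current = stable = start
    temporary_hops = []
    for status, location in hops:
        if status in TEMPORARY:
            temporary_hops.append((status, current, location))
        elif status not in PERMANENT:
            raise ValueError(f"not a redirect status handled here: {status}")
        # Assumption of this example: once a temporary hop has been seen,
        # later 301s no longer move the stable URI, because they redirect a
        # URI that was itself never a substitute for the original.
        if not temporary_hops:
            stable = location
        current = location
    return {
        "final": current,
        "stable": stable,
        "diverges": current != stable,
        "host_changed": urlsplit(current).hostname != urlsplit(stable).hostname,
        "temporary_hops": temporary_hops,
    }


# Constructed chains modelled on the two cases in the message above.
# The 301 on the first hop of CHAIN_A is an assumed status code.
CHAIN_A = ("http://example.com/", [(301, "https://example.com/"),
                                   (302, "https://john.example.com/")])
CHAIN_B = ("http://example.com/", [(307, "http://john.example.com/")])

if __name__ == "__main__":
    for start, hops in (CHAIN_A, CHAIN_B):
        print(start, "->", resolve(start, hops))
```

When "diverges" is true, the URL that would be recorded as the claimed_id by following redirects differs from the URI the HTTP RFC treats as the reference, which is the situation the message describes.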


