> -----Original Message-----
> From: Mark Nottingham [mailto:m...@mnot.net]
> Sent: Tuesday, May 31, 2011 4:57 PM

> The "normalized request string" contains the request-URI and values
> extracted from the Host header. Be aware that intermediaries can and do
> change these; e.g., they may change an absolute URI to a relative URI in the
> request-line, without affecting the semantics of the request. See [1] for
> details (it covers other problematic conditions too).
> It would be more robust to calculate an effective request URI, as in [2].
> [2] http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-14#section-4.3

Using the effective request URI has proved to be a significant point of 
friction in OAuth 1.0. I would rather note that intermediaries can change the 
request URI and that the server must reverse those changes based on what the 
values should have been if they were received from the client directly.
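
The reconstruction discussed in this exchange, as an added example that is not part of either message or of the OAuth draft: it computes an effective request URI following the rule in the section cited as [2] (an absolute request-target is used as is, otherwise scheme, Host value and request-target are concatenated), and shows that a signature over it survives an intermediary's absolute-to-relative rewrite. The key, the sample requests and the base-string layout are constructed for illustration and are not the draft's normalized request string.

```python
import hashlib
import hmac


def effective_request_uri(request_target, host_header, secure, server_authority):
    """Rebuild the URI the client targeted from what the server received."""
    if not (request_target.startswith("/") or request_target == "*"):
        # absolute-form request-target: it already is the effective request URI
        return request_target
    scheme = "https" if secure else "http"
    # Host header value if present, otherwise the server's configured authority
    authority = host_header or server_authority
    path = "" if request_target == "*" else request_target
    return f"{scheme}://{authority}{path}"


def sign(key, method, uri_part):
    # Constructed base string for illustration, not the draft's exact format
    base = f"{method}\n{uri_part}\n".encode("ascii")
    return hmac.new(key, base, hashlib.sha256).hexdigest()


KEY = b"constructed-demo-key"
# Constructed sample: the same request before and after an intermediary
# rewrote the absolute URI in the request-line to a relative one.
AS_SENT = {"method": "GET", "target": "http://example.com/resource/1?b=1&a=2",
           "host": "example.com"}
AS_RECEIVED = {"method": "GET", "target": "/resource/1?b=1&a=2",
               "host": "example.com"}


def compare(sent, received, secure=False, server_authority="example.com"):
    """Return (raw signatures match, effective-URI signatures match)."""
    raw = sign(KEY, sent["method"], sent["target"]) == \
        sign(KEY, received["method"], received["target"])
    eff_sent = effective_request_uri(sent["target"], sent["host"], secure, server_authority)
    eff_recv = effective_request_uri(received["target"], received["host"], secure, server_authority)
    eff = hmac.compare_digest(sign(KEY, sent["method"], eff_sent),
                              sign(KEY, received["method"], eff_recv))
    return raw, eff


if __name__ == "__main__":
    print(compare(AS_SENT, AS_RECEIVED))
```

The server has to know whether the client-facing connection was TLS-secured; behind a TLS-terminating proxy that value comes from deployment configuration, not from the request itself.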
