On Wed, 2008-03-19 at 23:54 +0900, James Henstridge wrote: > The fact that some sites incorrectly resolved the redirect to > "/about/" is probably due to the non-standard response headers for > http://bytesexual.org/ -- it contains a relative URI reference in the > location header, while the spec requires an absolute URI. > > Do you have more information about which sites exhibit which > behaviour? Or better yet, which libraries they are using?
The current behaviour of all openidenabled.com libraries would be to either a) fail, due to the relative Location header (this may depend on what http client backend is used), or b) normalize that as http://bytesexual.org/about/ given Johnny's earlier comments, I expect that openid4java behaves the same way, and I'd expect the same from the -- well, I was going to say "early Perl implementations", but really, I can't think of an implementation that I *wouldn't* expect that behaviour from. (Unless perhaps Noah or Sam Ruby have written their own implementations.) And my hunch is that the implementation which resolved it as bytesexual.org did so not because it was honoring 303 vs 302 semantics, but because it wasn't properly normalizing with redirects at all. (I'd happy to be shown wrong on that count.) _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs