https:// urls as openid servers and/or identities?

Michael Krelin hacker at klever.net
Fri Jul 22 13:05:58 PDT 2005


On Fri, Jul 22, 2005 at 09:55:32PM +0200, Wladimir Palant wrote:
> Michael Krelin wrote:
> 
> >For what I remember, I've seen check for '^http://' regex somewhere in
> >consumer perl sources, which, basically means that you shouldn't expect
> >it to work in the most cases.
> 
> Nope, the check is actually:
> 
> return $self->_fail("bogus_url", "Invalid URL") unless $url =~ 
> m!^https?://!i;
> 
> It will accept both http:// and https:// urls.

Must be the older version. Since I only looked at the code as a
reference implementation I never bothered to see if there's a newer one
available. Mine (0.11) definitely contains this:

    # do basic canonicalization
    $url = "http://$url" if $url && $url !~ m!^\w+://!;
    return $self->_fail("bogus_url", "Invalid URL") unless $url =~ m!^http://!i;
    # add a slash, if none exists
    $url .= "/" unless $url =~ m!^http://.+/!i;

I wouldn't remember if I didn't think about the limitation back then.
But the funny part that this is about the identity URL, not the server
;-)

Love,
 Michael


More information about the yadis mailing list