HTTP Headers vs. link rel=
ydnar
ydnar at shaderlab.com
Tue May 24 01:17:51 PDT 2005
That's reasonable, provided it's a required part of the spec.
Paul Timmins wrote:
>On Mon, 2005-05-23 at 18:03 -0700, ydnar wrote:
>
>
>>HTTP headers are nontrivial to edit for some hosting environments, and
>>subject to poisoning on the part of the ISP. Parsing the output of a GET
>>request as SGML and looking for <head><link rel="openid.server"> is
>>trivial.
>>
>>TypePad users (certain user levels) can control their own HTML templates.
>>Everything from the doctype to </html>. For this user class it would in
>>theory make sense to have an HTTP header. But what happens when a page
>>specifies a link rel as well? Which one overrides the other?
>>
>>
>
>What's wrong with allowing an authentication server specified in the
>document to override a server header? That seems like a good way to
>override a bizarre host, while allowing a sitewide auth server if none
>are otherwise specified. This also allows it to be doctype agnostic if
>it wants to be.
>
>I'd use the following logic, in ugly half-perl pseudocode:
>if (serverheader) {
>$authserver=header;
>};
>if (documenthead) {
>$authserver=documenthead;
>};
>
>if ($authserver) {
>print "Authserver is $authserver\n";
>} else {
>print "No authorization server found!\n";
>};
>
>-Paul
>
>
>
More information about the yadis
mailing list