[cl-openid-ticket] Re: #9: Verifying the Return URL error
cl-openid
cl-openid-devel at common-lisp.net
Tue Aug 12 23:17:59 UTC 2008
#9: Verifying the Return URL error
-------------------------+--------------------------------------------------
Reporter: avodonosov | Owner: mpasternacki
Type: defect | Status: reopened
Priority: major | Milestone: HTTP client portability
Component: code | Version: 0.5 nonportable
Resolution: | Keywords:
-------------------------+--------------------------------------------------
Changes (by avodonosov):
* resolution: fixed =>
* status: closed => reopened
Comment:
Fixed only partially: parameters are verified as required in the spec.
But wrong uri is used. Instead of comparing return-to in the message with
the requested return-to, we must compare return-to in the message with the
*uri of the current HTTP request*.
Implementation hint: I would prefer it as a parameter to handle-indirect-
response.
--
Ticket URL: <http://trac.common-lisp.net/cl-openid/ticket/9>
cl-openid <http://common-lisp.net/project/cl-openid>
cl-openid
More information about the cl-openid-ticket
mailing list