Merge branch 'master' of gitorious.org:statusnet/mainline

* 'master' of gitorious.org:statusnet/mainline:
  Switch OpenID server's redirects from 307 to 303 to avoid prompt for form data resubmission if we were sent here from a POST request, such as when verifying the site for the first time doing an OpenID login from Drupal.
This commit is contained in:
Zach Copley 2010-06-16 16:37:15 -07:00
commit ba2bffa76e

View File

@ -69,9 +69,13 @@ class OpenidserverAction extends Action
//cannot prompt the user to login in immediate mode, so answer false //cannot prompt the user to login in immediate mode, so answer false
$response = $this->generateDenyResponse($request); $response = $this->generateDenyResponse($request);
}else{ }else{
/* Go log in, and then come back. */ // Go log in, and then come back.
//
// Note: 303 redirect rather than 307 to avoid
// prompting user for form resubmission if we
// were POSTed here.
common_set_returnto($_SERVER['REQUEST_URI']); common_set_returnto($_SERVER['REQUEST_URI']);
common_redirect(common_local_url('login')); common_redirect(common_local_url('login'), 303);
return; return;
} }
}else if(common_profile_url($user->nickname) == $request->identity || $request->idSelect()){ }else if(common_profile_url($user->nickname) == $request->identity || $request->idSelect()){
@ -90,8 +94,13 @@ class OpenidserverAction extends Action
$this->oserver->encodeResponse($denyResponse); //sign the response $this->oserver->encodeResponse($denyResponse); //sign the response
$_SESSION['openid_allow_url'] = $allowResponse->encodeToUrl(); $_SESSION['openid_allow_url'] = $allowResponse->encodeToUrl();
$_SESSION['openid_deny_url'] = $denyResponse->encodeToUrl(); $_SESSION['openid_deny_url'] = $denyResponse->encodeToUrl();
//ask the user to trust this trust root
common_redirect(common_local_url('openidtrust')); // Ask the user to trust this trust root...
//
// Note: 303 redirect rather than 307 to avoid
// prompting user for form resubmission if we
// were POSTed here.
common_redirect(common_local_url('openidtrust'), 303);
return; return;
} }
}else{ }else{