summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZach Copley <zach@status.net>2010-06-16 16:37:15 -0700
committerZach Copley <zach@status.net>2010-06-16 16:37:15 -0700
commitba2bffa76e48d97e03ad0c296c2bc9767549f699 (patch)
treed34f49b59e057577d485bc24ccba26d52fcdb052
parentd3d499879c4d01bde46033a3a98f9190ea18cb63 (diff)
parentce7176d9878e298cd1ed5bc44e97aca5a4a6bc81 (diff)
Merge branch 'master' of gitorious.org:statusnet/mainline
* 'master' of gitorious.org:statusnet/mainline: Switch OpenID server's redirects from 307 to 303 to avoid prompt for form data resubmission if we were sent here from a POST request, such as when verifying the site for the first time doing an OpenID login from Drupal.
Diffstat
-rw-r--r--plugins/OpenID/openidserver.php17
1 files changed, 13 insertions, 4 deletions
diff --git a/plugins/OpenID/openidserver.php b/plugins/OpenID/openidserver.php
index afbca553f..2a414c487 100644
--- a/plugins/OpenID/openidserver.php
+++ b/plugins/OpenID/openidserver.php
@@ -69,9 +69,13 @@ class OpenidserverAction extends Action
//cannot prompt the user to login in immediate mode, so answer false
$response = $this->generateDenyResponse($request);
}else{
- /* Go log in, and then come back. */
+ // Go log in, and then come back.
+ //
+ // Note: 303 redirect rather than 307 to avoid
+ // prompting user for form resubmission if we
+ // were POSTed here.
common_set_returnto($_SERVER['REQUEST_URI']);
- common_redirect(common_local_url('login'));
+ common_redirect(common_local_url('login'), 303);
return;
}
}else if(common_profile_url($user->nickname) == $request->identity || $request->idSelect()){
@@ -90,8 +94,13 @@ class OpenidserverAction extends Action
$this->oserver->encodeResponse($denyResponse); //sign the response
$_SESSION['openid_allow_url'] = $allowResponse->encodeToUrl();
$_SESSION['openid_deny_url'] = $denyResponse->encodeToUrl();
- //ask the user to trust this trust root
- common_redirect(common_local_url('openidtrust'));
+
+ // Ask the user to trust this trust root...
+ //
+ // Note: 303 redirect rather than 307 to avoid
+ // prompting user for form resubmission if we
+ // were POSTed here.
+ common_redirect(common_local_url('openidtrust'), 303);
return;
}
}else{
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-11-03 21:17:52 +0000