Issues

ZF2-339: Zend\OpenID\Consumer Generates Illegal 'openid.realm' Values

Description

When calling OpenID->selfUrl() from a directory that is not on the root of the server, it will return a 'openid.realm' value that violates the specification as implemented by several major OpenID providers (tested with MyOpenId.com and an installation of SimpleID).

The violation include the directory on which call originated from. For example, if the call originates from http://www.example.com/openid.php then the realm will be properly set to 'http://www.example.com/' however, if it originate from 'http://www.example.com/application/openid.php' then the realm will be set to 'http://www.example.com/application/' which will cause errors with at least OpenID providers.

Comments

No comments to display