Opened 4 years ago

#941 new defect

OpenID fails with https site

Reported by: sazius Owned by:
Priority: major Milestone:
Component: programming Keywords: openid
Cc: Parent Tickets:

Description

When I try to log in with OpenID on my Mediagoblin site it fails with the following error:

Verification of None failed: return_to does not match return URL. Expected u'https://media.saz.im/auth/openid/login/finish/', got u'http://media.saz.im/auth/openid/login/finish/?janrain_nonce=SIKRITSTUFF'

where I have replaced the nonce with SIKRITSTUFF just to be sure :-)

In the file plugins/openid/views.py line 52 looks like this:

host = 'http://' + request.host

If I replace the "http" with "https" here OpenID works. My server does have automatic rewrite of http => https so that is not the problem. So perhaps it is possible to detect if we are serving over https and setting that accordingly?

Subtickets

Change History (0)

Note: See TracTickets for help on using tickets.