diff options
| author | Andrew Arnott <andrewarnott@gmail.com> | 2008-04-27 13:37:38 -0700 |
|---|---|---|
| committer | Andrew Arnott <andrewarnott@gmail.com> | 2008-04-27 14:30:29 -0700 |
| commit | d977ee9b93d35a0447438c75fca62970ee594959 (patch) | |
| tree | 9f48485dc0183d4854df93c4330f695adf1c2875 | |
| parent | 36dbf9ad51a0bbae12f4f4c4fe3f359992709311 (diff) | |
| download | DotNetOpenAuth-d977ee9b93d35a0447438c75fca62970ee594959.zip DotNetOpenAuth-d977ee9b93d35a0447438c75fca62970ee594959.tar.gz DotNetOpenAuth-d977ee9b93d35a0447438c75fca62970ee594959.tar.bz2 | |
Fix for Issue 72
Sending "Expect: 100 Continue" HTTP headers to some HTTP servers generates a 417 error response. This handles that response and tries again without sending that header.
| -rw-r--r-- | src/DotNetOpenId/RelyingParty/Fetcher.cs | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/DotNetOpenId/RelyingParty/Fetcher.cs b/src/DotNetOpenId/RelyingParty/Fetcher.cs index 1191cb2..73d47a8 100644 --- a/src/DotNetOpenId/RelyingParty/Fetcher.cs +++ b/src/DotNetOpenId/RelyingParty/Fetcher.cs @@ -73,6 +73,11 @@ namespace DotNetOpenId.RelyingParty { }
public static FetchResponse Request(Uri uri, byte[] body, string[] acceptTypes) {
+ return Request(uri, body, acceptTypes, false);
+ }
+
+ static FetchResponse Request(Uri uri, byte[] body, string[] acceptTypes,
+ bool avoidSendingExpect100Continue) {
if (uri == null) throw new ArgumentNullException("uri");
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
@@ -86,6 +91,17 @@ namespace DotNetOpenId.RelyingParty { request.ContentType = "application/x-www-form-urlencoded";
request.ContentLength = body.Length;
request.Method = "POST";
+ if (avoidSendingExpect100Continue) {
+ // Some OpenID servers doesn't understand Expect header and send 417 error back.
+ // If this server just failed from that, we're trying again without sending the
+ // "Expect: 100-Continue" HTTP header. (see Google Code Issue 72)
+ // We don't just set Expect100Continue = !avoidSendingExpect100Continue
+ // so that future requests don't reset this and have to try twice as well.
+ // We don't want to blindly set all ServicePoints to not use the Expect header
+ // as that would be a security hole allowing any visitor to a web site change
+ // the web site's global behavior when calling that host.
+ request.ServicePoint.Expect100Continue = false;
+ }
}
try {
@@ -101,6 +117,11 @@ namespace DotNetOpenId.RelyingParty { } catch (WebException e) {
using (HttpWebResponse response = (HttpWebResponse)e.Response) {
if (response != null) {
+ if (response.StatusCode == HttpStatusCode.ExpectationFailed) {
+ if (!avoidSendingExpect100Continue) { // must only try this once more
+ return Request(uri, body, acceptTypes, true);
+ }
+ }
return getResponse(uri, response);
} else {
throw;
|