Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

schemeless URLs and discoverAuthorizationEndpoint() #1

Closed
jonnybarnes opened this issue Jan 29, 2014 · 2 comments
Closed

schemeless URLs and discoverAuthorizationEndpoint() #1

jonnybarnes opened this issue Jan 29, 2014 · 2 comments

Comments

@jonnybarnes
Copy link
Contributor

The method discoverAuthorizationEndpoint() fails when passed a schemeless URL such as aaronparecki.com.
@aaronpk
Copy link
Member

aaronpk commented Aug 15, 2014

I'm not sure it's safe to assume a scheme if none is present. Technically everything should be https, but it seems weird to automatically add that if no scheme is present.

@jonnybarnes
Copy link
Contributor Author

It would strike me as most sensible to pass http:// as the scheme, then follow a redirect to https:// if the server sends one.

One may even consider monitoring for HSTS headers, but that would require some kind of cache/storage of which sites have sent such a header.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jonnybarnes @aaronpk