that's correct - you can use
an auto submit form with GET or use _javascript_
(document.location.replace) or META redirect tag to make the browser do
a GET. We are doing this for a very very long time too - mainly the
_javascript_ method as it helps in restoring the back button
functionality (better UE). - Praveen [EMAIL PROTECTED] wrote: On 7-Nov-06, at 12:34 PM, Recordon, David wrote:Moving this to the list, I really should have started it there in the first place.--David -----Original Message----- From: Recordon, David Sent: Monday, November 06, 2006 2:06 PM To: 'Dick Hardt'; Josh Hoyt Subject: RE: IdP's Advertising Both http and https Hey Dick, But the security warnings will still exist: - RP redirects me to http on IdP - IdP redirects me to https on IdP for login page (warning)no warning on GET redirects- I interact with IdP for "trust request" via https - I submit HTTPS form - IdP redirects me back to RP via http (warning)not if you do a GET redirectAm I missing something here?redirected POSTs produce a warning, redirected GETs do notI guess I'm not sure what I think we should do, though don't think this is a simple problem.We built this out with our SXIP 2.0 code. Worked fine. No warnings. -- Dick _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs |
_______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs