Bad Behaviour breaks OpenID 3.0

  • When I try to add an openid to my user on one WP blog with the URL of my other WP blog, Bad Behaviour blocks it.

    When I turn off BB and do it again, it works.

    If I turn BB back on and try to use the new URL as a login, BB blocks it again with a referrer error (not a form on this site) from the login URL.

    i.e. Login to site https://a.co.uk using https://b.co.uk as the URL, https://b.co.uk complains.

    That make sense?

Viewing 1 replies (of 1 total)

  • yep, I just tested it and got the same error. Basically, Bad Behavior is overly aggressive in terms of trying to block spammers… in this case not allowing any HTTP POST command unless the Referrer header is from the local site. While this level of aggressive blocking may work for most simple use-cases, it definitely does not work when you’re wanting your blog to interact with other sites. Right now, the OpenID plugin is the main usable plugin to come out of the DiSo Project, but you’ll see similar problems with other DiSo plugins such as OAuth.

    My biggest annoyance with Bad Behavior is that it intercepts ALL requests instead of intelligently intercepting requests that makes sense for the given platform. For example, with WordPress, the primary place to intercept requests is when commenting. BB has no business intercepting a request made to “/wordpress/?openid_server=1″… but hey, whatever.

Viewing 1 replies (of 1 total)
  • The topic ‘Bad Behaviour breaks OpenID 3.0’ is closed to new replies.