February 9th, 2007

LJ Protest

OpenID, Yadis and the X-XRDS-Location header

Edit: It turns out I'm wrong about the spec. I should've read it more carefully. It explicitly allows the <meta> tag version of specifying the X-XRDS-Location header. The remainder of this post is unchanged for posterity.

LJ does not return the X-XRDS-Location for a person's LJ OpenID page (i.e. http://username.livejournal.com/). It returns a <meta http-equiv="X-XRDS-Location" content="http://username.livejournal.com/data/yadis" /> tag in the generated page, but not in the headers returned by the webserver.

This isn't very useful. The reason the spec specifies that the header be a webserver header is two-fold:

First an OpenID page may not be HTML at all. It might a JPEG or some other random thing. So you can't count on there being a <meta> tag to use.

Secondly, parsing HTML is hard. People do all kinds of stupid and hairy things with HTML and browsers render it OK, so they don't ever do it right. It's a ridiculous burden to place on an OpenID consumer application to have to parse HTML in order to work.

As proof that LJ does not return the proper X-XRDS-Location header, I submit the following transcript:

Collapse )

As you can see, no X-XRDS-Location header.

Why is this? Is it going to be fixed anytime soon?

  • Current Mood
    curious curious