
Another "Get rid of the Warning" problem

I have spent the last 3-4 hours now trying to get rid of that warning that Yahoo is presenting to the user. I think I have done everything right but I still get the message. I have tried so much stuff now that I don't really know what I tried and not tried.

I would be so grateful if anyone wants to take a look at http://alternativeto.net/login.aspx and try to log in via Yahoo and help me out.

Thanks!

13 Replies
  • QUOTE (Ola @ Oct 16 2009, 04:59 AM)
    I have spent the last 3-4 hours now trying to get rid of that warning that Yahoo is presenting to the user. I think I have done everything right but I still get the message. I have tried so much stuff now that I don't really know what I tried and not tried.

    I would be so grateful if anyone wants to take a look at http://alternativeto.net/login.aspx and try to log in via Yahoo and help me out.

    Thanks!


    Ola,

    The problem is you likely do not have a valid XRDS document advertised from your Realm URL. Add that (properly filled out) and Yahoo will stop complaining about your site's identity. It's all just a static XRDS doc.

    Here is a sample XRDS doc. Just change the URI tag contents to point at the URL of your login page.

    CODE
    <?xml version="1.0" encoding="UTF-8"?>
    <xrds:XRDS
    xmlns:xrds="xri://$xrds"
    xmlns:openid="http://openid.net/xmlns/1.0"
    xmlns="xri://$xrd*($v*2.0)">
    <XRD>
    <Service priority="1">
    <Type>http://specs.openid.net/auth/2.0/return_to</Type>
    <URI>http://yourdomain.com/login.aspx</URI>
    </Service>
    </XRD>
    </xrds:XRDS>


    Store this XRDS doc on your site somewhere, and point to it from your realm URL (home page, probably) using a meta tag:

    CODE
    <meta http-equiv="X-XRDS-Location" content="<your XRDS URL HERE>" />
  • I already have an XRDS document located here: http://alternativeto.net/xrds.aspx

    I think it should have the correct content-type and so on. I also have a meta tag both on the login.aspx page and the default document page (index.aspx).

    I also set a header Response.AddHeader("X-XRDS-Location", "http://alternativeto.net/xrds.aspx");

    But I still get the warning. It must be something strange somewhere. Can I debug this in some way via Firebug or something and see what Yahoo is looking for or something?
  • QUOTE (Ola @ Oct 19 2009, 06:06 AM)
    I already have an XRDS document located here: http://alternativeto.net/xrds.aspx

    I think it should have the correct content-type and so on. I also have a meta tag both on the login.aspx page and the default document page (index.aspx).

    I also set a header Response.AddHeader("X-XRDS-Location", "http://alternativeto.net/xrds.aspx");

    But I still get the warning. It must be something strange somewhere. Can I debug this in some way via Firebug or something and see what Yahoo is looking for or something?



    Hi Ola,

    The problem is the X-XRDS-Location is set as 'http://dev.ohso.se/xrds.xml' which is inaccessible from the Yahoo login servers. I checked with the following command 'curl -v http://alternativeto.net'
  • QUOTE (Dustin Whittle @ Oct 19 2009, 07:03 PM)
    Hi Ola,

    The problem is the X-XRDS-Location is set as 'http://dev.ohso.se/xrds.xml' which is inaccessible from the Yahoo login servers. I checked with the following command 'curl -v http://alternativeto.net'


    Gah, I uploaded some local debug code. Everything should be pointing the correct way now but it still doesn't work.
  • QUOTE (Ola @ Oct 20 2009, 10:54 AM)
    Gah, I uploaded some local debug code. Everything should be pointing the correct way now but it still doesn't work.


    The issue is the status code of the URL (it must be HTTP status code 200); currently the request is a redirect.

    curl -v http://www.alternativeto.net
    * About to connect() to www.alternativeto.net port 80 (#0)
    * Trying 72.32.147.162... connected
    * Connected to www.alternativeto.net (72.32.147.162) port 80 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.19.6 (i386-apple-darwin10.0.0) libcurl/7.19.6 OpenSSL/0.9.8k zlib/1.2.3
    > Host: www.alternativeto.net
    > Accept: */*
    >
    < HTTP/1.1 301 Moved Permanently
    < Set-Cookie: X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8; path=/
    < Content-Length: 148
    < Date: Tue, 20 Oct 2009 22:28:58 GMT
    < Location: http://alternativeto.net/
    < Server: Microsoft-IIS/7.0
    < X-Powered-By: ASP.NET
    < Content-Type: text/html; charset=UTF-8
    <
    <head><title>Document Moved</title></head>
    * Connection #0 to host www.alternativeto.net left intact
    * Closing connection #0
    <body><h1>Object Moved</h1>This document may be found <a HREF="http://alternativeto.net/">here</a></body>

    If you want to use www.alternativeto.net instead of alternativeto.net, you should specify www.alternativeto.net in the XRDS document.
  • QUOTE (Dustin Whittle @ Oct 20 2009, 02:30 PM)
    The issue is the status code of the URL (it must be HTTP status code 200); currently the request is a redirect.

    curl -v http://www.alternativeto.net
    * About to connect() to www.alternativeto.net port 80 (#0)
    * Trying 72.32.147.162... connected
    * Connected to www.alternativeto.net (72.32.147.162) port 80 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.19.6 (i386-apple-darwin10.0.0) libcurl/7.19.6 OpenSSL/0.9.8k zlib/1.2.3
    > Host: www.alternativeto.net
    > Accept: */*
    >
    < HTTP/1.1 301 Moved Permanently
    < Set-Cookie: X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8; path=/
    < Content-Length: 148
    < Date: Tue, 20 Oct 2009 22:28:58 GMT
    < Location: http://alternativeto.net/
    < Server: Microsoft-IIS/7.0
    < X-Powered-By: ASP.NET
    < Content-Type: text/html; charset=UTF-8
    <
    <head><title>Document Moved</title></head>
    * Connection #0 to host www.alternativeto.net left intact
    * Closing connection #0
    <body><h1>Object Moved</h1>This document may be found <a HREF="http://alternativeto.net/">here</a></body>

    If you want to use www.alternativeto.net instead of alternativeto.net, you should specify www.alternativeto.net in the XRDS document.


    But is Yahoo automatically looking at www.alternativeto.net cause I use http://alternativeto.net everywhere so I supposed it would be looking at http://alternativeto.net/xrds.xml? I don't really see where the www is coming from. If I do a curl -I http://alternativeto.net I do not get a redirect.

    HTTP/1.1 200 OK
    Set-Cookie: ASP.NET_SessionId=h3v5tx5541ui3nqwgyk0ur2s; path=/; HttpOnly
    Set-Cookie: pageProfileshortname=all; path=/
    Set-Cookie: currentCategory=desktop; path=/
    Set-Cookie: X-Mapping-pfddgonl=29291CB50178807E04EE211C8DF8D85B; path=/
    Cache-Control: private
    Content-Length: 78749
    Date: Wed, 21 Oct 2009 16:57:47 GMT
    X-AspNet-Version: 2.0.50727
    X-XRDS-Location: http://alternativeto.net/xrds.xml
    Server: Microsoft-IIS/7.0
    X-Powered-By: ASP.NET
    Content-Type: text/html; charset=utf-8

    Thanks for all your help!
  • Anyone? I really do not get this :/
  • From what I can see, the problem is that you don't send the right content type along with the XRDS file. It's sent as "text/xml" but should be "application/xrds+xml".

    Make sure you add this header:

    Content-Type: application/xrds+xml

    and all should be good.

    --
    Visit http://www.ilikealot.com and share YOUR passion
  • Hi Ola -

    I took a look at your site, and I can't figure out why you're seeing the warning, since you are correctly publishing the X-XRDS-Location HTTP header under your realm. We'll take a look at our server logs and try to debug the problem on our side.

    Thanks for your patience, I'll have a response for you tomorrow.

    Thanks
    Allen
  • QUOTE (Wouter @ Oct 27 2009, 10:57 AM)
    From what I can see, the problem is that you don't send the right content type along with the XRDS file. It's sent as "text/xml" but should be "application/xrds+xml".

    Make sure you add this header:

    Content-Type: application/xrds+xml

    and all should be good.

    --
    Visit http://www.ilikealot.com and share YOUR passion


    I tried before when I had the code in a .aspx file and then I had Content-Type: application/xrds+xml .. I can switch back to that but I think I still get the warning.

    QUOTE (atom @ Oct 27 2009, 09:44 PM)
    Hi Ola -

    I took a look at your site, and I can't figure out why you're seeing the warning, since you are correctly publishing the X-XRDS-Location HTTP header under your realm. We'll take a look at our server logs and try to debug the problem on our side.

    Thanks for your patience, I'll have a response for you tomorrow.

    Thanks
    Allen


    Thanks! It would be great if you can have a look at it and hopefully fix a problem both for me and for you guys! I will switch back to the .aspx file with "Content-Type: application/xrds+xml" tonight!
  • Hi Ola,

    We investigated further, and have found the root cause. Unfortunately, we won't be able to fix it on our side until early December.

    When the Yahoo OP verifies your return_to endpoint, we make an HTTP request to the URL of the realm in your authentication request to find the XRDS document. In your case, we make an HTTP request to http://alternativeto.net/

    In order to help protect the Yahoo OP from getting stuck when making outbound requests, we impose a size limit on the amount that we'll download before we abort the request. The sizelimit is currently 50KB, which is admittedly way too small, and we'll be bumping it up to at least 256KB in December. The size for http://alternativeto.net/ is approximately 70KB, which exceeds our sizelimit. The sizelimit is only on the actual HTML that's downloaded when the Yahoo OP fetches your realm; it does not include any javascript/images/css/flash that's downloaded as separate objects. Most sites that use OpenID generally have very lightweight realms, so this is usually not a problem, although a few others have run into this.

    I do agree that there's room for improvement on the Yahoo OP, and we'll fix this the next time the Yahoo OP has its regularly scheduled maintenance in December.

    In the meantime here's what you can do:

    1) Try to shrink http://alternativeto.net, by breaking out some of the JS/CSS into separate files
    2) Change your realm to http://alternativeto.net/login.aspx and add the following to the <head> section of the doc - as you did on your home page:
    <meta http-equiv="X-XRDS-Location" content="http://alternativeto.net/xrds.xml" />

    Hope that helps, thanks for using OpenID, and thank you for your patience in debugging this.

    Allen
  • QUOTE (atom @ Oct 28 2009, 10:03 AM)
    Hi Ola,

    We investigated further, and have found the root cause. Unfortunately, we won't be able to fix it on our side until early December.

    When the Yahoo OP verifies your return_to endpoint, we make an HTTP request to the URL of the realm in your authentication request to find the XRDS document. In your case, we make an HTTP request to http://alternativeto.net/

    In order to help protect the Yahoo OP from getting stuck when making outbound requests, we impose a size limit on the amount that we'll download before we abort the request. The sizelimit is currently 50KB, which is admittedly way too small, and we'll be bumping it up to at least 256KB in December. The size for http://alternativeto.net/ is approximately 70KB, which exceeds our sizelimit. The sizelimit is only on the actual HTML that's downloaded when the Yahoo OP fetches your realm; it does not include any javascript/images/css/flash that's downloaded as separate objects. Most sites that use OpenID generally have very lightweight realms, so this is usually not a problem, although a few others have run into this.

    I do agree that there's room for improvement on the Yahoo OP, and we'll fix this the next time the Yahoo OP has its regularly scheduled maintenance in December.

    In the meantime here's what you can do:

    1) Try to shrink http://alternativeto.net, by breaking out some of the JS/CSS into separate files
    2) Change your realm to http://alternativeto.net/login.aspx and add the following to the <head> section of the doc - as you did on your home page:
    <meta http-equiv="X-XRDS-Location" content="http://alternativeto.net/xrds.xml" />

    Hope that helps, thanks for using OpenID, and thank you for your patience in debugging this.

    Allen


    Cool! Thanks for the tips. It is of course always good to try to optimize the HTML. I will have a look at it and see what I can do!
  • Yey!

    The warning is gone now! But I still need to optimize my site so it doesn't get that big. Just had a look at digg.com = 21kb, stackoverflow.com = 18kb, yahoo.com = 34kb .. optimization ftw!

    I can blame asp.net for some of it. You can't change the name of controls and that makes every name of every control take up lots of bits. In the new version you will have greater control over the names. Or I switch to asp.net MVC ..

    Thanks!
    0
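
The discovery checks discussed in this thread (a 200 response from the realm, a body under the OP's download cap, an X-XRDS-Location header or meta tag, the application/xrds+xml content type, and a return_to entry in the XRDS) can be run offline against captured responses. The following Python sketch is an added example, not code from any poster or from Yahoo; the function names, the rp.example host and the sample XRDS are constructed for illustration, and the return_to comparison is a simplified prefix match.

```python
import re
import xml.etree.ElementTree as ET

RETURN_TO_TYPE = "http://specs.openid.net/auth/2.0/return_to"
XRD_NS = "{xri://$xrd*($v*2.0)}"
SIZE_LIMIT = 50 * 1024  # the 50KB cap described in the thread

# Constructed sample XRDS for a hypothetical relying party at rp.example.
SAMPLE_XRDS = b"""<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD><Service priority="1">
    <Type>http://specs.openid.net/auth/2.0/return_to</Type>
    <URI>http://rp.example/login.aspx</URI>
  </Service></XRD>
</xrds:XRDS>"""

def find_xrds_location(status, headers, body, size_limit=SIZE_LIMIT):
    """Return (xrds_url, problems) for an already-fetched realm response."""
    problems = []
    if status != 200:
        problems.append(f"realm returned HTTP {status}; discovery needs a 200")
    if len(body) > size_limit:
        problems.append(f"realm body is {len(body)} bytes, over the {size_limit}-byte cap")
    url = {k.lower(): v for k, v in headers.items()}.get("x-xrds-location")
    if url is None:
        # Fall back to the meta tag, looking only at what fits under the cap.
        # Assumes the attribute order used in the thread's sample tag.
        head = body[:size_limit].decode("utf-8", "replace")
        m = re.search(r'<meta\s+http-equiv="X-XRDS-Location"\s+content="([^"]+)"', head, re.I)
        url = m.group(1) if m else None
    if url is None:
        problems.append("no X-XRDS-Location header or meta tag found")
    return url, problems

def check_xrds(content_type, xml_bytes, return_to):
    """Return problems with an XRDS response for the given return_to URL."""
    problems = []
    if content_type.split(";")[0].strip().lower() != "application/xrds+xml":
        problems.append(f"XRDS served as {content_type}")
    uris = []
    for svc in ET.fromstring(xml_bytes).iter(XRD_NS + "Service"):
        types = [t.text.strip() for t in svc.findall(XRD_NS + "Type") if t.text]
        if RETURN_TO_TYPE in types:
            uris += [u.text.strip() for u in svc.findall(XRD_NS + "URI") if u.text]
    # Simplified match: return_to must start with an advertised URI.
    if not any(return_to.startswith(u) for u in uris):
        problems.append(f"return_to {return_to} matches no advertised URI")
    return problems
```

Feed it the status, headers and body saved from a `curl -v` of the realm URL, then the content type and body of the XRDS URL it returns.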
