Move OpenId patch around

1 files changed, 6 insertions, 0 deletions

diff --git a/roles/ipsilon/files/openid_server.py b/roles/ipsilon/files/openid_server.py
index dd7657a94..21163b661 100644
--- a/roles/ipsilon/files/openid_server.py
+++ b/roles/ipsilon/files/openid_server.py
@@ -1043,6 +1043,12 @@ class OpenIDResponse(object):
         @change: 2.1.0 added the ENCODE_HTML_FORM response.
         """
         if self.request.mode in BROWSER_REQUEST_MODES:
+            do_post_trusts = ['http://taigastg.cloud.fedoraproject.org/', 'http://taiga.cloud.fedoraproject.org/']
+            if self.request.trust_root in do_post_trusts:
+                # Workaround, since too many clients don't follow the spec
+                return ENCODE_HTML_FORM
+            # This is more privacy friendly, as it leaks less user data
+            #  with OpenID urls in referal
             if self.fields.isOpenID1() and \
                len(self.encodeToURL()) > OPENID1_URL_LIMIT:
                 return ENCODE_HTML_FORM