Some OAuth providers are not well-behaved, one example being mail.ru. Their returned content type

Question

0

Editorial Team

Asked: May 22, 20262026-05-22T21:14:22+00:00 2026-05-22T21:14:22+00:00

Some OAuth providers are not well-behaved, one example being mail.ru. Their returned content type

0

Some OAuth providers are not well-behaved, one example being mail.ru.

Their returned content type is text/javascript, motivated by their developers as simplifying their debugging routines.

We could “improve” the source code of DotNetOpenAuth CTP – but from what I see it is not yet publicly available
Is there a “well-behaved” way to override the content type interpretation in the current DNOA implementation?

Thank you!

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-22T21:14:23+00:00

Editorial Team

2026-05-22T21:14:23+00:00Added an answer on May 22, 2026 at 9:14 pm

The only way you could change the content-type that DNOA sees would be to plug in your own IDirectWebRequestHandler, which while allowed, isn’t a trivial task and fooling DNOA can often lead to security problems.

The source code to the CTP is available here, and in fact the tip of that branch has the change that makes it more lenient in this regard.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Some OAuth providers are not well-behaved, one example being mail.ru. Their returned content type

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply