From dca4e808db89e831233e8f33b3b65c524c3bb30f Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Wed, 7 Oct 2015 14:20:55 +0000
Subject: [PATCH] Move OpenId patch around

---
 roles/ipsilon/files/openid_server.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/roles/ipsilon/files/openid_server.py b/roles/ipsilon/files/openid_server.py
index dd7657a942..21163b6615 100644
--- a/roles/ipsilon/files/openid_server.py
+++ b/roles/ipsilon/files/openid_server.py
@@ -1043,6 +1043,12 @@ class OpenIDResponse(object):
         @change: 2.1.0 added the ENCODE_HTML_FORM response.
         """
         if self.request.mode in BROWSER_REQUEST_MODES:
+            do_post_trusts = ['http://taigastg.cloud.fedoraproject.org/', 'http://taiga.cloud.fedoraproject.org/']
+            if self.request.trust_root in do_post_trusts:
+                # Workaround, since too many clients don't follow the spec
+                return ENCODE_HTML_FORM
+            # This is more privacy friendly, as it leaks less user data
+            #  with OpenID urls in referal
             if self.fields.isOpenID1() and \
                len(self.encodeToURL()) > OPENID1_URL_LIMIT:
                 return ENCODE_HTML_FORM