Why Does Azure Domain Verification Not Follow the HTTP Specification?

Mike-E 171 Reputation points
2020-03-15T14:29:25.303+00:00

Hello,

I am wanting to comment on this thread:
https://social.msdn.microsoft.com/Forums/en-US/61ef2463-c132-4246-8748-c3090e0deed0/publisher-domain-verification-fails-because-quotverification-of-publisher-domain-failed-error?forum=WindowsAzureAD

But it's saying it is now found on here, and doing a search is not returning anything, so I am now posting here. :)

I am trying to apply the answer but I am not sure how to do this? I am hosting the file in GitHub Pages. Is there a configuration there to apply perhaps? I looked around and did not see anything.

Thank you for any assistance you can provide!

EDIT: Also, to be sure, this is the error message I get: "The server returned an unexpected content type header value. [nc186]"

EDITx2: It seems this issue is caused by GitHub Pages serving pages in a more detailed manner according to the HTTP specification than what Azure Domain Verification does for its parsing.

In particular, GitHub Pages emits the charset parameter of the Content-Type header and Azure Domain Verification does not recognize or further allow this, resulting in an unnecessary error.

https://www.w3.org/International/articles/http-charset/index

So, why is this the case?

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
35,887 questions
Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,392 questions

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. abraunegg 11 Reputation points
    2020-03-16T20:00:50.993+00:00

    Hi all,

    Please can Microsoft fix this by ignoring the charset if it is sent?

    I have attempted to get this resolved by:

    • Raised a case with Azure Docs, as the documentation for this issue is not correct - see https://github.com/MicrosoftDocs/azure-docs/issues/46080 - get advised to open a case with Github
    • Raising a case with jekyll - they say raise a case with Github - see https://github.com/jekyll/jekyll/issues/8006
    • Raised a case Github. After 3 week delay in response, Github support says - Github uses mime-db project which aggregates MIME types from the Apache and Nginx projects. Raise a case with mime-db for .well-known mime types.

    Now this is really not the right solution here.

    What should happen as the easiest solution point is that any .well-known requests, the Microsoft Azure process should ignore the any charset that is sent. This will fix the problem for everyone where they have zero control of the web server - ie - if you are using GitHub pages to present the content - you have zero control.

    Please can you look into this issue and come up with something workable.

    1 person found this answer helpful.
  2. Dave Patrick 426K Reputation points MVP
    2020-03-15T14:42:29.167+00:00

    The thread was not migrated. None of the MSDN/TechNet threads will be migrated to QnA, but the discussions are moving as MSDN/TechNet forums are closing down. That forum has been archived and moved to read-only status so it isn't possible to comment the thread.

    You can read on here about the migration process details.

    https://learn.microsoft.com/en-us/teamblog/msdn-technet-migration

    (please don't forget to mark helpful replies as answer)

  3. Shashi Shailaj 7,581 Reputation points Microsoft Employee
    2020-03-16T18:55:43.747+00:00

    Hello @Mike-EEE ,

    As far as I know , giihub pages does not provide ability to set per file or per repository Content-type value. The details about can be checked on here. I checked this and found that Github pages always returns application/json; charset=utf-8 however the expected content-type value is application/json and this is the reason it is not working for you. Github pages does not allow configuring this as far as I am aware. I tried testing the same in one repo and you can see in the curl output below.

    4621-gitmimetype.jpg

    As an alternative I would suggest you to host your static website on Azure Storage blob container where this would work and you would be able to complete published domain verification without an issue as far as I think. Please check the tutorial for the same.

    Hope this helps. In case the information provided in this post is helpful , please do accept it as answer so that it is helpful for other members of the community who have similar questions. In case you have any further queries , feel free to let us know and we will be happy to help.

    Thank you.

  4. Imran Brown 0 Reputation points
    2023-04-11T21:37:42.8666667+00:00

    Posting this here for folks who spent hours, searching different threads of the same issue.
    I found this deep into one thread, instead of fighting this issue there is an entirely different way to verify domains.
    https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain Add a custom domain and just update the TXT or MX records in your DNS and Azure will verify the domain that way instantly.
    This was simpler and has worked for 3 domains so far.

    0 comments