Contrib.social

Outdated GRDDL profile URL

Open on Drupal.org →
Created on 24 February 2013, over 11 years ago
Updated 5 August 2023, 11 months ago

Problem/Motivation

The default GRDDL profile URL set in Drupal core is outdated. It is currently set to http://www.w3.org/1999/xhtml/vocab, but this URL is a permanent redirect to http://www.w3.org/1999/xhtml/vocab/ (note the trailing slash).

Although this link is typically ignored by browsers and search engines, some other tools still follow it and detect an error, for example the W3C Link Checker.

For example, link-validating a fresh Drupal 7 website with the default Bartik theme, such as http://demo.opensourcecms.com/drupal/, reports something like:

Line: 14 http://www.w3.org/1999/xhtml/vocab redirected to http://www.w3.org/1999/xhtml/vocab/
Status: 301 -> 200 OK

The link is missing a trailing slash, and caused a redirect. Adding the trailing slash would speed up browsing.

Proposed resolution

The GRDDL profile needs to be updated to the current URL in theme.inc. The following patch does exactly this.

🐛 Bug report
Status

Closed: works as designed

Version

7.0 ⚰️

Component

rdf.module

Created by

🇫🇷France Krizalys

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment about 1 year ago
    rbruch

    Not sure if this is the right way to bring this up but...

    The link referenced above (http://www.w3.org/1999/xhtml/vocab) now redirects to a secure HTTP (HTTPS) version: https://www.w3.org/1999/xhtml/vocab

    I found that this URL is defined in /includes/theme.inc on line 2627 (Drupal 7.96). Could the URL be updated to use the HTTPS link?

  • Status changed to Active about 1 year ago
  • Comment about 1 year ago
    rbruch
  • Comment 12 months ago
    🇮🇳India heykarthikwithu Bengaluru 🌍

    hey @rbruch, in regards to

    Could the URL be updated to use the HTTPS link?

    basically HTTPS is HTTP with encryption and verification, I think url with HTTP will be sufficient in this scenario. Let me know your thoughts?

  • Comment 11 months ago
    rbruch

    Hi @heykarthikwithu, thanks for responding.

    I acknowledge up front that this is a minor issue, and it would likely not cause any problems to leave as is. But it seems like a minor change, with no unwanted side effects that I can think of.

    Some background... This came to my attention when I used an automated link scanner/checker (Xenu) on one of my Drupal 7 sites. It checks "visible" links that show in the page content as well as "not-visible" links like this one. The tool gives a report about redirected links, and that's when I noticed this one. I can add an exception for this link and the tool will stop notifying about it.

    However, I think generally it's better to link directly to a target web page, via HTTPS if applicable, to avoid making the remote server do the redirect/rewrite.

    And I believe it may be that allowing the browser to first request HTTP may introduce an opening for security issues, see this page for some background: https://https.cio.gov/hsts/.

    What do you think?

  • Status changed to Closed: works as designed 11 months ago
  • Comment 11 months ago
    🇸🇰Slovakia poker10

    I have done a similar scan few years ago and in D7 core there is a big amount of different links pointing to HTTP protocol (some to drupal.org, some to external sites). I am not sure if changing one specific link is worth the effort. But thanks for pointing this out @rbruch. Anyway, if we would like to continue this discussion, please open a new issue (this one is 10 years old, so we do not mix things up). Thanks!

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024