Problem/Motivation

The default GRDDL profile URL set in Drupal core is outdated. It is currently set to http://www.w3.org/1999/xhtml/vocab, but this URL is a permanent redirect to http://www.w3.org/1999/xhtml/vocab/ (note the trailing slash).

Although this link is typically ignored by browsers and search engines, some other tools still follow it and detect an error, for example the W3C Link Checker.

For example, link-validating a fresh Drupal 7 website with the default Bartik theme, such as http://demo.opensourcecms.com/drupal/, reports something like:

Line: 14 http://www.w3.org/1999/xhtml/vocab redirected to http://www.w3.org/1999/xhtml/vocab/
Status: 301 -> 200 OK

The link is missing a trailing slash, and caused a redirect. Adding the trailing slash would speed up browsing.

Proposed resolution

The GRDDL profile needs to be updated to the current URL in theme.inc. The following patch does exactly this.

Comments

interdruper’s picture

While this patch is committed, a simple alternative to avoid the W3C Link Checker warning is to add the missing slash directly to the theme's html.tpl.html:

<head profile="<?php print $grddl_profile.'/'; ?>">

oriol_e9g’s picture

Status: Needs review » Reviewed & tested by the community

Nice catch

oriol_e9g’s picture

Version: 7.x-dev » 8.x-dev
Status: Reviewed & tested by the community » Needs review
StatusFileSize
new1.7 KB

We need to fix first in D8.

mr.baileys’s picture

Component: theme system » rdf.module
Status: Needs review » Needs work

Since this is a bug in one of the third-party components used by D8 (EasyRdf), I think the preferred approach is the report the bug upstream (EasyRdf's issue tracker), and after it has been fixed, upgrade to a newer version on our end.

Making edits to third-party code (the stuff in the /vendor folder) is not recommended, since a) newer versions of those third party libraries will cause these changes to be lost anyway, and b) we want to help out other communities in getting bugs fixed.

oriol_e9g’s picture

Version: 8.x-dev » 7.x-dev
Status: Needs work » Needs review
StatusFileSize
new684 bytes

OK. In the meantime we can commit the D7 patch, this is our code.

oriol_e9g’s picture

And this is the issue in EasyRdf's https://github.com/njh/easyrdf/issues/153

mr.baileys’s picture

For D7, there has already been an issue about this (#1789810: <head> markup missing trailing slash), but it was marked as "won't fix". If you feel this shouldn't have been closed without resolution, may be it's better to re-open that issue, and keep this one about the fix against EasyRdf?

oriol_e9g’s picture

Status: Needs review » Active

This is rellevant information:

njh commented an hour ago
Hello,

I'm afraid that the URI of the XHTML Vocabulary cannot be changed because it is a stable permanent identifier that has been defined in a lot of places. Indeed the specification on that page defines it as 'http://www.w3.org/1999/xhtml/vocab#'.

If we were to change it in EasyRdf, we would no-longer be able to interoperate with any other RDF system that also used that namespace.

I would say that the fact that http://www.w3.org/1999/xhtml/vocab redirects to http://www.w3.org/1999/xhtml/vocab/ is a bug with the W3C website.

Krizalys’s picture

We have to agree with the suggestion of njh that the bug should be fixed at the source (W3C website).

I reported the URI inconsistency to the W3C, let's see what will be the feedback: https://www.w3.org/Bugs/Public/show_bug.cgi?id=23567

Krizalys’s picture

Status: Active » Closed (works as designed)

The bug has been resolved on the W3C website.
So this issue has no more reason to remain.

rbruch’s picture

Not sure if this is the right way to bring this up but...

The link referenced above (http://www.w3.org/1999/xhtml/vocab) now redirects to a secure HTTP (HTTPS) version: https://www.w3.org/1999/xhtml/vocab

I found that this URL is defined in /includes/theme.inc on line 2627 (Drupal 7.96). Could the URL be updated to use the HTTPS link?

rbruch’s picture

Issue summary: View changes
Status: Closed (works as designed) » Active
heykarthikwithu’s picture

hey @rbruch, in regards to

Could the URL be updated to use the HTTPS link?

basically HTTPS is HTTP with encryption and verification, I think url with HTTP will be sufficient in this scenario. Let me know your thoughts?

rbruch’s picture

Hi @heykarthikwithu, thanks for responding.

I acknowledge up front that this is a minor issue, and it would likely not cause any problems to leave as is. But it seems like a minor change, with no unwanted side effects that I can think of.

Some background... This came to my attention when I used an automated link scanner/checker (Xenu) on one of my Drupal 7 sites. It checks "visible" links that show in the page content as well as "not-visible" links like this one. The tool gives a report about redirected links, and that's when I noticed this one. I can add an exception for this link and the tool will stop notifying about it.

However, I think generally it's better to link directly to a target web page, via HTTPS if applicable, to avoid making the remote server do the redirect/rewrite.

And I believe it may be that allowing the browser to first request HTTP may introduce an opening for security issues, see this page for some background: https://https.cio.gov/hsts/.

What do you think?

poker10’s picture

Status: Active » Closed (works as designed)

I have done a similar scan few years ago and in D7 core there is a big amount of different links pointing to HTTP protocol (some to drupal.org, some to external sites). I am not sure if changing one specific link is worth the effort. But thanks for pointing this out @rbruch. Anyway, if we would like to continue this discussion, please open a new issue (this one is 10 years old, so we do not mix things up). Thanks!