Problem/Motivation
The default GRDDL profile URL set in Drupal core is outdated. It is currently set to http://www.w3.org/1999/xhtml/vocab, but this URL is a permanent redirect to http://www.w3.org/1999/xhtml/vocab/ (note the trailing slash).
Although this link is typically ignored by browsers and search engines, some other tools still follow it and detect an error, for example the W3C Link Checker.
For example, link-validating a fresh Drupal 7 website with the default Bartik theme, such as http://demo.opensourcecms.com/drupal/, reports something like:
Line: 14 http://www.w3.org/1999/xhtml/vocab redirected to http://www.w3.org/1999/xhtml/vocab/
Status: 301 -> 200 OKThe link is missing a trailing slash, and caused a redirect. Adding the trailing slash would speed up browsing.
Proposed resolution
The GRDDL profile needs to be updated to the current URL in theme.inc. The following patch does exactly this.
| Comment | File | Size | Author |
|---|---|---|---|
| #5 | drupal-grddlprofile.patch | 684 bytes | oriol_e9g |
| #3 | 1925862-3-d8.patch | 1.7 KB | oriol_e9g |
| drupal-grddlprofile.patch | 684 bytes | Krizalys |
Comments
Comment #1
interdruper commentedWhile this patch is committed, a simple alternative to avoid the W3C Link Checker warning is to add the missing slash directly to the theme's html.tpl.html:
<head profile="<?php print $grddl_profile.'/'; ?>">Comment #2
oriol_e9gNice catch
Comment #3
oriol_e9gWe need to fix first in D8.
Comment #4
mr.baileysSince this is a bug in one of the third-party components used by D8 (EasyRdf), I think the preferred approach is the report the bug upstream (EasyRdf's issue tracker), and after it has been fixed, upgrade to a newer version on our end.
Making edits to third-party code (the stuff in the /vendor folder) is not recommended, since a) newer versions of those third party libraries will cause these changes to be lost anyway, and b) we want to help out other communities in getting bugs fixed.
Comment #5
oriol_e9gOK. In the meantime we can commit the D7 patch, this is our code.
Comment #6
oriol_e9gAnd this is the issue in EasyRdf's https://github.com/njh/easyrdf/issues/153
Comment #7
mr.baileysFor D7, there has already been an issue about this (#1789810: <head> markup missing trailing slash), but it was marked as "won't fix". If you feel this shouldn't have been closed without resolution, may be it's better to re-open that issue, and keep this one about the fix against EasyRdf?
Comment #8
oriol_e9gThis is rellevant information:
Comment #9
Krizalys commentedWe have to agree with the suggestion of njh that the bug should be fixed at the source (W3C website).
I reported the URI inconsistency to the W3C, let's see what will be the feedback: https://www.w3.org/Bugs/Public/show_bug.cgi?id=23567
Comment #10
Krizalys commentedThe bug has been resolved on the W3C website.
So this issue has no more reason to remain.
Comment #11
rbruch commentedNot sure if this is the right way to bring this up but...
The link referenced above (http://www.w3.org/1999/xhtml/vocab) now redirects to a secure HTTP (HTTPS) version: https://www.w3.org/1999/xhtml/vocab
I found that this URL is defined in /includes/theme.inc on line 2627 (Drupal 7.96). Could the URL be updated to use the HTTPS link?
Comment #12
rbruch commentedComment #13
heykarthikwithuhey @rbruch, in regards to
basically HTTPS is HTTP with encryption and verification, I think url with HTTP will be sufficient in this scenario. Let me know your thoughts?
Comment #14
rbruch commentedHi @heykarthikwithu, thanks for responding.
I acknowledge up front that this is a minor issue, and it would likely not cause any problems to leave as is. But it seems like a minor change, with no unwanted side effects that I can think of.
Some background... This came to my attention when I used an automated link scanner/checker (Xenu) on one of my Drupal 7 sites. It checks "visible" links that show in the page content as well as "not-visible" links like this one. The tool gives a report about redirected links, and that's when I noticed this one. I can add an exception for this link and the tool will stop notifying about it.
However, I think generally it's better to link directly to a target web page, via HTTPS if applicable, to avoid making the remote server do the redirect/rewrite.
And I believe it may be that allowing the browser to first request HTTP may introduce an opening for security issues, see this page for some background: https://https.cio.gov/hsts/.
What do you think?
Comment #15
poker10 commentedI have done a similar scan few years ago and in D7 core there is a big amount of different links pointing to HTTP protocol (some to drupal.org, some to external sites). I am not sure if changing one specific link is worth the effort. But thanks for pointing this out @rbruch. Anyway, if we would like to continue this discussion, please open a new issue (this one is 10 years old, so we do not mix things up). Thanks!