I'm working on upgrading indiewebify.me to run on Symfony (#82). I found some code that does not appear to run correctly on the live site. I'm not sure why, but investigating it on the development site, I'm not sure it's needed anyway.
In the validate-rel-me step, the entered URL is normalized, fetched, and any redirects are followed, using indieweb/rel-me relMeDocumentUrl(). That function returns the final URL, a boolean of whether the redirect chain was secure, and an array of the redirect chain URLs.
Then this if condition is supposed to show an error if the redirect chain was insecure. This is all before the final profile URL is parsed for rel-me values.
That if condition works on the Symfony site but does not appear to work on the live site. My site redirects http -> https, so if I enter http://gregorlove.com/, the error message shows and no rel-me URLs are parsed. This seems like a bad user experience. I can't think of a good reason to show an error like that but wanted to check if I'm forgetting something.
I think we only want to report scheme differences if the link back from a rel-me uses a different scheme, like:
```html
<!-- on https://example.com/ -->
<a href="https://github.com/example" rel="me">github</a>

<!-- on https://github.com/example -->
<a href="http://example.com/" rel="me">example.com</a>
```
The live site will show "link back is to http:// not https://" next to that rel-me link.
Is it safe to remove that if condition in the Symfony site I'm working on?
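
An added example (not code from indiewebify.me or indieweb/rel-me) separating the two cases discussed above: a redirect chain on the entered URL that only upgrades http to https, and a rel-me link back whose scheme differs from the profile URL. The function names, the three-way classification and the sample URLs are assumptions made for illustration; the page does not state how relMeDocumentUrl() decides that a chain is secure.

```php
<?php
// Added illustration, not code from indiewebify.me or indieweb/rel-me.
// Function names and sample URLs are constructed for this example.

function schemeOf(string $url): string
{
    return strtolower((string) parse_url($url, PHP_URL_SCHEME));
}

// Classify a chain (entered URL first, final URL last) as 'same-scheme',
// 'upgrade' (only http -> https hops) or 'downgrade' (any other scheme change).
function classifyRedirectChain(array $chain): string
{
    $result = 'same-scheme';
    for ($i = 1; $i < count($chain); $i++) {
        $from = schemeOf($chain[$i - 1]);
        $to = schemeOf($chain[$i]);
        if ($from === 'http' && $to === 'https') {
            $result = 'upgrade';
        } elseif ($from !== $to) {
            return 'downgrade';
        }
    }
    return $result;
}

// Note for a rel-me link back that names the same host and path as the
// profile URL but a different scheme; null when there is nothing to report.
function linkBackSchemeNote(string $profileUrl, string $linkBack): ?string
{
    $p = parse_url($profileUrl) ?: [];
    $l = parse_url($linkBack) ?: [];
    $sameTarget = strtolower($p['host'] ?? '') === strtolower($l['host'] ?? '')
        && ($p['path'] ?? '/') === ($l['path'] ?? '/');
    $ps = schemeOf($profileUrl);
    $ls = schemeOf($linkBack);
    return ($sameTarget && $ps !== $ls) ? "link back is to {$ls}:// not {$ps}://" : null;
}

// Constructed samples: an upgrade-only chain, a chain with a downgrade,
// and a link back that differs from the profile URL only in scheme.
foreach ([
    ['http://example.com/', 'https://example.com/'],
    ['https://example.com/', 'http://example.com/profile'],
] as $chain) {
    echo implode(' -> ', $chain), ': ', classifyRedirectChain($chain), "\n";
}
echo linkBackSchemeNote('https://example.com/', 'http://example.com/'), "\n";
```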
gRegorLove changed the title from "Remove the secure redirect check entered URL for validate-rel-me?" to "Remove secure redirect check on entered URL for validate-rel-me?" on Sep 8, 2020