Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

blog: replace protocol-relative references to https in Atom/RSS feed #17961

Closed
yaronf opened this issue Nov 17, 2016 · 16 comments
Closed

blog: replace protocol-relative references to https in Atom/RSS feed #17961

yaronf opened this issue Nov 17, 2016 · 16 comments
Labels
FrozenDueToAge
Milestone
Unreleased

Comments

@yaronf
Copy link

yaronf commented Nov 17, 2016

Sorry, there's no way to open an issue on the go/blog repo.

The Go Blog advertises an Atom feed, however its URL is broken (no http or https).

	<link rel="alternate" type="application/atom+xml" title="blog.golang.org - Atom Feed" href="//blog.golang.org/feed.atom" />

Similarly, each post has a link that's missing the http/https URL scheme.

Thanks!
@dominikh
Copy link
Member

These are protocol-relative URLs.

@yaronf
Copy link
Author

yaronf commented Nov 17, 2016
edited

From a security POV, see why this doesn't make sense: https://www.paulirish.com/2010/the-protocol-relative-url/

And from a standards POV, relative URLs are not allowed in feeds. https://tools.ietf.org/html/rfc4287#section-4.2.6 says: "Its content MUST be an IRI, as defined by [RFC3987]. Note that the definition of "IRI" excludes relative references."

And yes, these are formally called relative URLs, even though they're not what we usually call "relative". See https://tools.ietf.org/html/rfc3986#section-4.2.

@bradfitz bradfitz reopened this Nov 17, 2016
@bradfitz bradfitz added this to the Unreleased milestone Nov 17, 2016
@bradfitz bradfitz changed the title Blog: issues with RSS feed blog: replace protocol-relative references to https in Atom/RSS feed Nov 17, 2016
@bradfitz
Copy link
Contributor

Leaving for @broady

@gopherbot
Copy link

CL https://golang.org/cl/37883 mentions this issue.

@gopherbot
Copy link

CL https://golang.org/cl/37884 mentions this issue.

gopherbot pushed a commit to golang/playground that referenced this issue Mar 15, 2017
@broady @bradfitz
app: use https instead of protocol-relative URLs
8a314e4 
Protocol-relative URLs (//blog.golang.org/...) are redundant, we use
HTTPS everywhere.
Use the https:// scheme instead.

Updates golang/go#17961.

Change-Id: I710959584971f1fa155bab3ea623c33a9f6ab9e9
Reviewed-on: https://go-review.googlesource.com/37884
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
gopherbot pushed a commit to golang/blog that referenced this issue Mar 15, 2017
@broady
content, template: use https instead of protocol-relative URLs
f415e5b 
Protocol-relative URLs (//blog.golang.org/...) are redundant, we use
HTTPS everywhere.
Use the https:// scheme instead.

Updates golang/go#17961.

Change-Id: I6be6dd1d85f1093561ce3fa606e1ef37d75a7a60
Reviewed-on: https://go-review.googlesource.com/37883
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
@ghost
Copy link

ghost commented Feb 17, 2018

I believe this is the bug I’m seeing. It still happens with the latest blog post. When I try to open a link to an article from my RSS reader (the Bamboo addon) I get an error message saying it can’t open "//blog.golang.org/…".
It was also similarly broken months ago when I was using Liferea.

@davecheney
Copy link
Contributor

Have your reported a bug to the manufactures of those products?

@yaronf
Copy link
Author

yaronf commented Feb 17, 2018

This is clearly a server-side bug. Please see my comment up this thread for an explanation why the RSS stream is not standards compliant.

@bwjohnson-ss
Copy link

This issue doesn't seem like it's got much attention in a while, but it still exists today. Any chance we can fix this?

@bradfitz
Copy link
Contributor

Looks fixed to me in the code at least:

bradfitz@gdev:~/src/golang.org/x/blog$ git grep "blog.golang.org - Atom Feed"
template/root.tmpl:     <link rel="alternate" type="application/atom+xml" title="blog.golang.org - Atom Feed" href="https://blog.golang.org/feed.atom" />

From commit golang/blog@f415e5b

@broady, was this never deployed or something? But we've had tons of blog posts since then.

@broady
Copy link
Member

broady commented Dec 19, 2018

Blog was last deployed today, so something else must be up.

@bwjohnson-ss
Copy link

To be more specific, I was referring to the actual feed content (https://blog.golang.org/feed.atom)

<link rel="alternate" href="//blog.golang.org/modules2019">

@broady
Copy link
Member

broady commented Dec 19, 2018

Ahhh, got it. OK, I'm on it.

@gopherbot
Copy link

Change https://golang.org/cl/155357 mentions this issue: blog: remove all remaining protocol-relative URLs

@bwjohnson-ss
Copy link

Hmmmm, I'm not too familiar with gopherbot and how it works, but should I expect the atom feed to be fixed now? Did the above change get deployed to prod? I don't see the fix yet.

@broady
Copy link
Member

broady commented Dec 20, 2018

It'll go out with the next deploy (either if a blog post gets published or if someone decides to deploy before then).

And yeah, as Brad notes in the CL, I forgot to prefix with golang/go because it was outside the main repo.

@golang golang locked and limited conversation to collaborators Dec 20, 2019
gopherbot pushed a commit to golang/website that referenced this issue May 26, 2021
@broady @bradfitz
[x/blog] blog: remove all remaining protocol-relative URLs
ddc582f 
Protocol-relative URLs (e.g., "//blog.golang.org") were previously
removed in the content of the blog, but not in other areas.
Notably, in the atom feed. This causes feed reader apps to fail, because
it doesn't know to use https for those URLs.

Always use the https scheme, including in the atom feed as well as a
couple remaining places in the blog template.

Fixes golang/go#17961

Change-Id: I694c888de9437937ba1910227ddae42d3eb0405c
Reviewed-on: https://go-review.googlesource.com/c/155357
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
X-Blog-Commit: 132b8627adca1170af1b36d3c471e99011ef6f8b
@rsc rsc unassigned broady Jun 23, 2022
passionSeven added a commit to passionSeven/website that referenced this issue Oct 18, 2022
@passionSeven
[x/blog] blog: remove all remaining protocol-relative URLs
0226e57 
Protocol-relative URLs (e.g., "//blog.golang.org") were previously
removed in the content of the blog, but not in other areas.
Notably, in the atom feed. This causes feed reader apps to fail, because
it doesn't know to use https for those URLs.

Always use the https scheme, including in the atom feed as well as a
couple remaining places in the blog template.

Fixes golang/go#17961

Change-Id: I694c888de9437937ba1910227ddae42d3eb0405c
Reviewed-on: https://go-review.googlesource.com/c/155357
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
X-Blog-Commit: 132b8627adca1170af1b36d3c471e99011ef6f8b
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
7 participants
@bradfitz @davecheney @broady @dominikh @yaronf @gopherbot @bwjohnson-ss