New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
blog: replace protocol-relative references to https in Atom/RSS feed #17961
Comments
These are protocol-relative URLs. |
From a security POV, see why this doesn't make sense: https://www.paulirish.com/2010/the-protocol-relative-url/ And from a standards POV, relative URLs are not allowed in feeds. https://tools.ietf.org/html/rfc4287#section-4.2.6 says: "Its content MUST be an IRI, as defined by [RFC3987]. Note that the definition of "IRI" excludes relative references." And yes, these are formally called relative URLs, even though they're not what we usually call "relative". See https://tools.ietf.org/html/rfc3986#section-4.2. |
Leaving for @broady |
CL https://golang.org/cl/37883 mentions this issue. |
CL https://golang.org/cl/37884 mentions this issue. |
Protocol-relative URLs (//blog.golang.org/...) are redundant, we use HTTPS everywhere. Use the https:// scheme instead. Updates golang/go#17961. Change-Id: I710959584971f1fa155bab3ea623c33a9f6ab9e9 Reviewed-on: https://go-review.googlesource.com/37884 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Protocol-relative URLs (//blog.golang.org/...) are redundant, we use HTTPS everywhere. Use the https:// scheme instead. Updates golang/go#17961. Change-Id: I6be6dd1d85f1093561ce3fa606e1ef37d75a7a60 Reviewed-on: https://go-review.googlesource.com/37883 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
I believe this is the bug I’m seeing. It still happens with the latest blog post. When I try to open a link to an article from my RSS reader (the Bamboo addon) I get an error message saying it can’t open "//blog.golang.org/…". |
Have your reported a bug to the manufactures of those products? |
This is clearly a server-side bug. Please see my comment up this thread for an explanation why the RSS stream is not standards compliant. |
This issue doesn't seem like it's got much attention in a while, but it still exists today. Any chance we can fix this? |
Looks fixed to me in the code at least:
From commit golang/blog@f415e5b @broady, was this never deployed or something? But we've had tons of blog posts since then. |
Blog was last deployed today, so something else must be up. |
To be more specific, I was referring to the actual feed content (https://blog.golang.org/feed.atom)
|
Ahhh, got it. OK, I'm on it. |
Change https://golang.org/cl/155357 mentions this issue: |
Hmmmm, I'm not too familiar with gopherbot and how it works, but should I expect the atom feed to be fixed now? Did the above change get deployed to prod? I don't see the fix yet. |
It'll go out with the next deploy (either if a blog post gets published or if someone decides to deploy before then). And yeah, as Brad notes in the CL, I forgot to prefix with |
Protocol-relative URLs (e.g., "//blog.golang.org") were previously removed in the content of the blog, but not in other areas. Notably, in the atom feed. This causes feed reader apps to fail, because it doesn't know to use https for those URLs. Always use the https scheme, including in the atom feed as well as a couple remaining places in the blog template. Fixes golang/go#17961 Change-Id: I694c888de9437937ba1910227ddae42d3eb0405c Reviewed-on: https://go-review.googlesource.com/c/155357 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> X-Blog-Commit: 132b8627adca1170af1b36d3c471e99011ef6f8b
Protocol-relative URLs (e.g., "//blog.golang.org") were previously removed in the content of the blog, but not in other areas. Notably, in the atom feed. This causes feed reader apps to fail, because it doesn't know to use https for those URLs. Always use the https scheme, including in the atom feed as well as a couple remaining places in the blog template. Fixes golang/go#17961 Change-Id: I694c888de9437937ba1910227ddae42d3eb0405c Reviewed-on: https://go-review.googlesource.com/c/155357 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> X-Blog-Commit: 132b8627adca1170af1b36d3c471e99011ef6f8b
Sorry, there's no way to open an issue on the go/blog repo.
The Go Blog advertises an Atom feed, however its URL is broken (no http or https).
Similarly, each post has a link that's missing the http/https URL scheme.
Thanks!
The text was updated successfully, but these errors were encountered: