A while back was this discussion: Antonio Diaz Diaz wrote: > Thomas Cort wrote: > > At the bottom of the project page[1] there is a link "Valid HTML 4.01 > > Strict"[2]. It passes uri=referer to the validation service, but gnu.org > > forces HTTPS and browsers generally do not set the Referer header when > > leaving an HTTPS site, so the link almost never works unless you're on an > > older or insecure browser. > > Thanks for reporting this. > > It works for me[1], and uri=referer is the way recommended by the W3C in the > link below.
Some long standing legacy behavior has been caught up in the tangle as things are (slowly) changing. Due to the hostile nature of the Internet it is necessary to add more protections. Among those being more https everywhere. > Moreover, in the W3C error page for "No Referer header found!" it states > that "This is not an error in the referring page!". I think (personal opinion) that the above probably reflected that author's viewpoint that browsers should set the referrer header even when leaving an https page for a http link. But that is what the popular browsers do. Not much us unwashed masses can do about it. > I'm not sure if I like this https thing, and I do not feel like hardcoding > the url, so I'll probably remove the "Valid HTML" link. The link suggested by the validator page includes the "http:" part. But times have changed. If coming from an https page that needs to be an https link in order to have browsers set the referrer. If the page is always going to be https then that link can be changed to an https link and everything will work properly. Because the www.gnu.org pages now redirect to https if coming to an http URL we can now assume that the link should always be https too. This following should be safe. <a href="https://validator.w3.org/check?uri=referer"> <img src="http://www.w3.org/Icons/valid-xhtml10" alt="Valid XHTML 1.0 Strict" height="31" width="88" /></a> For general use on either http or https pages however a (new in the grand scheme of things) URL syntax is allowed. One can leave off the protocol entirely. If it is not present then the protocal of the link will be the same as the current page. (The "//" part denotes a prefix to a hostname as it has always done. If it is without a leading double slash then the path refers to the current host.) <a href="//validator.w3.org/check?uri=referer"> <img src="http://www.w3.org/Icons/valid-xhtml10" alt="Valid XHTML 1.0 Strict" height="31" width="88" /></a> The above works for either http or https pages. This is what I use on my pages. I recommend removing the "http:" part from the current page leaving it looking like the above. Hope this helps! Bob _______________________________________________ bug-ed mailing list bug-ed@gnu.org https://lists.gnu.org/mailman/listinfo/bug-ed