[Tagging] consider website=www.openstreetmap.org to be OK

Justin Tracey j3tracey at gmail.com
Tue Jan 26 17:22:09 UTC 2021


On 2021-01-26 3:40 a.m., Stephan Knauss wrote:
> On 26.01.2021 07:59, Mateusz Konieczny via Tagging wrote:
> 
> Technically http and https also point to different port numbers (80/443).
> It is possible to present totally different websites on 
> http://www.example.com/ and https://www.example.com/.
> 

Not only is it possible, it's very common! As someone who has 
contributed rulesets for HTTPS Everywhere[0] in the past, this is one of 
the biggest pain points: lots of websites will deliver completely 
different content for http and https versions, sometimes even for just 
specific pages on the same subdomain (a horrible thing to do, yes, but 
something that does regularly happen). When browsers allow links without 
the protocol to work, they're performing a best effort to make use of 
what is ultimately a malformed URL. Accepting such malformed URLs in a 
dataset because they usually happen to work seems like a really bad 
idea. If the guess browsers give always worked in practice, then great! 
We can set up a really easy maproullete quest and fix them all. In fact, 
there was a website set up to do basically this for HTTPS Everywhere 
rulesets: "TLScompare". But in the end, the HTTPS Everywhere devs don't 
like using it, because it doesn't always find edge cases they need to 
account for. The OSM case is simpler, since it only needs to look at 
specific pages, but the fact that it doesn't work for the general case 
tells us everything we need to know: you can't always guess the protocol 
of a broken URL.

(Also, browsers are currently in the process of rolling out native IPFS 
support, with Opera and Brave's support being basically complete, and 
Firefox's being most of the way there. IPFS, while rare now, will likely 
continue to gain popularity, and is even less likely to serve the same 
content as an HTTP(S) version.)

[0] https://github.com/EFForg/https-everywhere

  - Justin



More information about the Tagging mailing list