Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use https in github urls #940

Merged
merged 4 commits into from
Sep 23, 2019
Merged

Use https in github urls #940

merged 4 commits into from
Sep 23, 2019

Conversation

nothingismagick
Copy link
Contributor

This is a trivial fix, but the xmlns links in the SVGs were using "http://www.w3.org/1999/xhtml"

I believe that xmlns="https://www.w3.org/1999/xhtml" is better so I cleaned it up wherever I could find it. I tested with a yarn link and it works as expected.

Also fixed a couple http links to the gh-pages. ;)

@coveralls
Copy link

coveralls commented Sep 19, 2019
edited
Loading

Pull Request Test Coverage Report for Build 976

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 53.536%
Totals Coverage Status
Change from base Build 964: 0.0%
Covered Lines: 2644
Relevant Lines: 4892
💛 - Coveralls

@IOrlandoni
Copy link
Member

IOrlandoni commented Sep 19, 2019
edited
Loading

Thank you for the interest in the project and the pull request!

Regarding the svg xmlns links, I'm not an expert in the matter but I believe those are not real URLs (even though they actually are) and are just namespaces as defined per specs.

Examples of the specs that show a non-https namespace can be seen by just following those URLs:

Note that the namespaces defined in the specs are not https.
With that said...

  • Am I mis-understanding something or are we just going "outside" of the specs by changing the namespace?
  • Is there any precedent for this change? Do other libraries/components/specs utilize the https namespaces? Maybe we can dig on their reasons to do so and see if we should follow.
  • Does this bring any benefit?

Again, thank you very much!

@IOrlandoni IOrlandoni self-requested a review September 19, 2019 19:49
@nothingismagick
Copy link
Contributor Author

Yeah, I dunno either if it brings a benefit. The only one I can see is that if you click that link or follow it you are making an http request in the clear and even though the response will be over https its still a request and can be theoretically man-in-the-middled / hijacked etc.

Obviously the W3C itself has an https redirect in place, because its probably easier to do that on the server-side than it is through the working groups.

@knsv
Copy link
Collaborator

knsv commented Sep 19, 2019

I will be happy to merge this if https is what it should be now days. Would appreciate if someone could investigate. Don't want to mess up peoples diagrams by misstake.

@nothingismagick nothingismagick mentioned this pull request Sep 20, 2019
Closed
@IOrlandoni
Copy link
Member

Hey! Thanks for filling the issue with the w3c!
As noted in that issue, they are really just identifiers and should be kept http.

I'd be happy to merge the change to the github url on its own!

@knsv
Copy link
Collaborator

knsv commented Sep 22, 2019

That sounds like a plan! Please update the pr:

  • Use https for the gihub urls
  • Use http in w3c urls

@nothingismagick
Copy link
Contributor Author

I reverted to HTTP - just leaving the links to github

@IOrlandoni IOrlandoni merged commit 6110640 into mermaid-js:master Sep 23, 2019
@IOrlandoni IOrlandoni changed the title feat(https): use https in SVGs Use https in github urls Sep 23, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@IOrlandoni IOrlandoni IOrlandoni approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nothingismagick @coveralls @IOrlandoni @knsv