--no-enforce-https has no effect in 5.0.1

Question

--no-enforce-https has no effect in 5.0.1

arcivanov opened this issue 2 years ago · comments

+ bundle exec htmlproofer --allow-hash-href --ignore-status-codes=429,999 --checks=Links,Scripts,Images,Favicons,OpenGraph --no-enforce-https --root-dir ./_site ./_site
Running 4 checks (Images, Links, OpenGraph, Scripts) in ["./_site"] on *.html files ...


Checking 234 external links
Checking 57 internal links
Checking internal link hashes in 3 files
Ran on 35 files!


For the Images check, the following failures were found:

* At ./_site/articles/3rd-party/new-sublime-text-3-plugin.html:194:

  image link //external-content.duckduckgo.com/ip/github.com.ico is a protocol-relative URL, use explicit https:// instead
...
For the Links check, the following failures were found:

* At ./_site/about.html:26:

  //fonts.googleapis.com/css?family=Oleo+Script:700 is a protocol-relative URL, use explicit https:// instead
...
For the Scripts check, the following failures were found:

* At ./_site/about.html:4:

  script link //www.googletagmanager.com/gtag/js?id=UA-2839506-6 is a protocol-relative URL, use explicit https:// instead
...
HTML-Proofer found 202 failures!

bash-5.2$ bundler exec htmlproofer --version
5.0.1

Garen Torikian · Answer 1 · Wed Nov 02 2022 22:50:01 GMT+0800 (China Standard Time)

This is not a bug and is intentionally designed this way: #750 (comment)

Albeit the error message could be tweaked, but the intent is to encourage users to stop writing //. Please see the linked issue for more history on this anti-pattern.

If you really really want these // you can use the ignore_urls config option to ignore them from failure, such as /^\/\// (a regexp saying, ignore any URL that starts with //).

Arcadiy Ivanov · Answer 2 · Thu Nov 03 2022 00:00:46 GMT+0800 (China Standard Time)

This is a regression from 4.x.
Firstly, there are legitimate reasons to have // especially for static sites.
Secondly, I don't want to ignore those URLs, I want to ignore their protocol as it's irrelevant for my purposes.
Thirdly, the option that literally says "do not enforce https" enforces HTTPS, which makes no sense.

This in the current code with 4.x worked normally for our site:

bundle exec htmlproofer --allow-hash-href \
                        --http-status-ignore=429,999 \
                        --check-html \
                        --check-opengraph \
                        --check-favicon \
                        --assume-extension \
                        ./_site

Garen Torikian · Answer 3 · Thu Nov 03 2022 00:09:57 GMT+0800 (China Standard Time)

This is a regression from 4.x.

Did you read the issue as to why this was changed?

Garen Torikian · Answer 4 · Thu Nov 03 2022 00:10:40 GMT+0800 (China Standard Time)

Please also familiarize yourself with semantic versioning—code can change between different major versions, in this case, 4 to 5. If you liked the behavior in v4, stay on v4.