Document HTTPS badge and referer issues more prominently.
authorVille Skyttä <ville.skytta@iki.fi>
Sat, 06 Nov 2010 10:15:25 +0200
changeset 3153a2884dc7aa27
parent 3152 c08e6d3685d8
child 3154 3705099f9260
Document HTTPS badge and referer issues more prominently.
htdocs/docs/help.html
     1.1 --- a/htdocs/docs/help.html	Fri Nov 05 23:16:52 2010 +0200
     1.2 +++ b/htdocs/docs/help.html	Sat Nov 06 10:15:25 2010 +0200
     1.3 @@ -67,6 +67,7 @@
     1.4  	  <ol>
     1.5  	    <li><a href="#icon-usage">My document is valid, can I use your "valid" icon?</a></li>
     1.6  	    <li><a href="#icon-list">Is there a list of all available icons somewhere?</a></li>
     1.7 +	    <li><a href="#icon-https">Why do I see warnings about "insecure items" when viewing my page after including the icon?</a></li>
     1.8  	    <li><a href="#icon-license">License and Guidelines for usage of the "valid" icons</a></li>
     1.9  	    <li><a href="#icon-deriv">Can I modify the existing icons to create my own?</a></li>
    1.10  	    <li><a href="#icon-invalidpage">I saw the "valid" icon displayed on a site but the page is invalid. What should I do?</a></li>
    1.11 @@ -353,6 +354,19 @@
    1.12    <h5 id="icon-list">Is there a list of all available icons somewhere?</h5>
    1.13    <p>The <a href="http://www.w3.org/QA/Tools/Icons">full list of "valid" icons</a> is available on the W3C website.</p>
    1.14  
    1.15 +  <h5 id="icon-https">Why do I see warnings about "insecure items" when viewing my page after including the icon?</h5>
    1.16 +  <p>
    1.17 +    Many browsers display this warning when viewing documents transferred over
    1.18 +    a secure protocol such as HTTPS if the documents contain items that are
    1.19 +    transferred over a non-secure protocol such as unencrypted HTTP. As W3C
    1.20 +    does not currently provide the "valid" icons over HTTPS, you may want to
    1.21 +    copy and serve the icons from a HTTPS enabled server elsewhere and link to
    1.22 +    those copies instead of the W3C originals in your documents that are
    1.23 +    transferred over a secure protocol to avoid this warning. See also HTTPS
    1.24 +    related documentation in the <a href="#faq-referer">"/check?uri=referer"
    1.25 +      FAQ entry</a>.
    1.26 +  </p>
    1.27 +
    1.28    <h5 id="icon-license">License and Guidelines for usage of the "valid" icons</h5>
    1.29    <p>Web content providers are granted the right to use the "W3C valid" logo
    1.30    on pages that pass validation (through the use of the 
    1.31 @@ -512,6 +526,17 @@
    1.32        find what the URL of the document to validate is, and gives the same error message as when it is
    1.33        given a type of URL it does not understand.</p>
    1.34  
    1.35 +      <p>
    1.36 +        Also, requests to non-secure HTTP resources from links in documents
    1.37 +        transferred with a secure protocol such as HTTPS should not include
    1.38 +        referrer information
    1.39 +        <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html#sec15.1.3">per the HTTP/1.1 specification</a>.
    1.40 +        As the validator at validator.w3.org is currently not available over
    1.41 +        HTTPS, this referrer feature will not work reliably for documents
    1.42 +        transferred over secure protocols (usually <code>https</code> URLs)
    1.43 +        with it.
    1.44 +      </p>
    1.45 +
    1.46        <p><strong>How to fix</strong>:</p>
    1.47        <ul>
    1.48  	<li>Check that it is indeed the <code>Referer</code> issue. The validator should have redirected you to
    1.49 @@ -520,7 +545,7 @@
    1.50  	whichever zealous software is stripping this referrer info.</li>
    1.51  	<li>If you have a link on your page using the "/check?uri=referer" feature, you could replace them with the
    1.52  	a link to the validator without this feature, e.g. <code>http://validator.w3.org/check?uri=http%3A%2F%2Fwww.example.com</code></li>
    1.53 -	<li>If you have no control over the page or annoying software, simply append the address of the page you wanted validated (URI encoded)
    1.54 +	<li>If you have no control over the page or annoying software, or your page's URL is a <code>https</code> one, simply append the address of the page you wanted validated (URI encoded)
    1.55  	to the <code>http://validator.w3.org/check?uri=</code> address.</li>
    1.56       </ul>
    1.57    <h4 id="faq-batchvalidation">Can the validator check all the pages in my site in one batch?</h4>