validators: detect when an iframe redirects to canonical

iparamonau · iparamonau · commit b457cb40200a · 2025-09-19T10:31:09.000-04:00
diff --git a/lib/core.js b/lib/core.js
@@ -1122,17 +1122,21 @@
             var link = links[i];
 
             // Remove canonical links.
-            if (typeof canonical === 'string' && link.href && typeof link.href === 'string' && link.rel && link.rel.indexOf(CONFIG.R.file) === -1 && link.rel.indexOf(CONFIG.R.iframely) === -1) {
+            if (typeof canonical === 'string' && link.href && typeof link.href === 'string' 
+                && link.rel && link.rel.indexOf(CONFIG.R.file) === -1 
+                && link.rel.indexOf(CONFIG.R.iframely) === -1 && link.rel.indexOf(CONFIG.R.oembed) == -1 
+                && !/\/embed\//i.test(canonical)) {
 
-                // Remove last / from url.
+                // Remove trailing `/`` from url.
 
                 var link1 = link.href.replace(/\/+$/, '');
                 var link2 = canonical.replace(/\/+$/, '');
+                var link3 = link._uri?.replace(/\/+$/, '');
 
-                if (link1 === link2 && link.rel.indexOf(CONFIG.R.oembed) == -1 && !/\/embed\//i.test(canonical)) {
-                    // allow the canonical links for oEmbeds, as such mistakes are usually made for OG and Twitter:
-                    // if publisher has oEmbed, he is most likely to have the valid embed codes
-                    link.error = "Removed canonical link";
+                if (link1 === link2) {
+                    link.error = "Canonical link is removed unlesss explicitely allowed";
+                } else if (link3 === link2) {
+                    link.error = "Link redirected to the canonical";
                 }
             }
 
@@ -1182,7 +1186,7 @@
                     link.sourceId = i;
                 }
 
-                if ('_imageMeta' in link || '_imageStatus' in link) {
+                if ('_imageMeta' in link || '_imageStatus' in link || '_uri' in link) {
 
                     var newLink;
                     if (options.debug) {
@@ -1193,6 +1197,7 @@
 
                     delete newLink._imageMeta;
                     delete newLink._imageStatus;
+                    delete newLink._uri;
                     links[i] = newLink;
                 }
 
diff --git a/lib/plugins/validators/async/21_checkContentType.js b/lib/plugins/validators/async/21_checkContentType.js
@@ -134,6 +134,9 @@ export default {
 
                 if (!link.error && data.url !== link.href) {
 
+                    // We'll use _url in the core to validate href against redirects to canonical
+                    link._uri = data.url;
+
                     // Catch https -> http redirects for iFrames
                     if (/^(?:https:)?\/\//.test(link.href) && /^http:\/\//.test(data.url)) {
                         link.href = data.url;
