htmltest

Ignore HTTPS on a single link

Open tomtom5152 opened this issue 7 years ago • 5 comments

Currently, if EnforceHTTPS is enabled, all links are checked to be HTTPS. Some legacy sites, though, do not work properly over HTTPS, so the best link is the HTTP version; however, this will cause the tests to fail unless the link is ignored entirely.

It should be possible to ignore HTTPS for a single link, whilst still performing the rest of the checks.

tomtom5152, Feb 22 '17 16:02

Is your link an anchor (<a href) as opposed to a linked stylesheet or JS asset?

The purpose of this check is to help avoid mixed-content warnings. In which case external anchor links happening over HTTP is of little concern. I would be open to changing the behaviour of this.

wjdp, Feb 22 '17 17:02

Yes it is; the third-party site linked to doesn't support HTTPS fully (broken stylesheets mainly).

Not sure if a full behaviour change is the best course; I think this tool should encourage HTTPS everywhere, so per link might be a good option.

tomtom5152, Feb 22 '17 17:02

I was thinking of splitting the option between enforcing HTTPS for links (JS/CSS/Images) and for hyperlinks (external websites).

EnforceHTTPSResources & EnforceHTTPSAnchors

or

EnforceHTTPS & IgnoreInsecureAnchors

Struggling to come up with good names...

Perhaps another ignore tag is a better option, though personally I'm hesitant to add this.

Another thing to consider is what to do when IgnoreInsecureAnchors is true. I'd like to generate a warning. (Then again is ignore good wording for this? It's what we do already for IgnoreCanonicalBrokenLinks)

wjdp, Feb 22 '17 17:02

Could there be a PermitInsecureAnchors that still generates a warning (not error) but does not cause the test to fail?

tomtom5152, Feb 22 '17 17:02

Ooh, that's a better name. I like that :smile:

wjdp, Feb 22 '17 17:02
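
A sketch of the split discussed in this thread, added here as an illustration and not taken from htmltest's code: insecure resource references (the mixed-content risk) stay errors, while insecure anchors become warnings that do not fail the run. The option names are the ones proposed above; their semantics, the `Finding` type, the `CheckHTTPS` function and the sample HTML are assumptions made for this example.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Options uses the names proposed in the thread; the semantics are assumed.
type Options struct{ EnforceHTTPS, PermitInsecureAnchors bool }

// Finding is one insecure reference: Level is "error" or "warning".
type Finding struct{ Level, Tag, URL string }

// refRe extracts href/src values; adequate for the sample, not a full HTML parser.
var refRe = regexp.MustCompile(`(?i)<(a|link|script|img)\b[^>]*?\b(?:href|src)="([^"]*)"`)

// sample is constructed input for this example.
const sample = `<link rel="stylesheet" href="http://cdn.example/site.css">
<script src="https://cdn.example/app.js"></script>
<img src="//cdn.example/logo.png">
<a href="http://legacy.example/docs">legacy docs</a>
<a href="/about">about</a>`

// CheckHTTPS reports absolute http:// references and whether the run fails.
func CheckHTTPS(doc string, o Options) (fs []Finding, failed bool) {
	if !o.EnforceHTTPS {
		return nil, false
	}
	for _, m := range refRe.FindAllStringSubmatch(doc, -1) {
		u, err := url.Parse(m[2])
		if err != nil || u.Scheme != "http" {
			continue // https, relative and protocol-relative URLs are not flagged
		}
		f := Finding{Level: "error", Tag: strings.ToLower(m[1]), URL: m[2]}
		if f.Tag == "a" && o.PermitInsecureAnchors {
			f.Level = "warning" // reported, but does not fail the run
		}
		failed = failed || f.Level == "error"
		fs = append(fs, f)
	}
	return fs, failed
}

func main() {
	fs, failed := CheckHTTPS(sample, Options{EnforceHTTPS: true, PermitInsecureAnchors: true})
	fmt.Println(fs, "failed:", failed)
}
```

On the sample, the HTTP stylesheet is still an error and fails the run, while the HTTP link to the legacy site is only a warning.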