x/website: go-talks.appspot.com present server still relies on defunct RawGit service

[jub0bs]

One can (and the likes of Dave Cheney do) point talks.godoc.org to one's present slideshow hosted on GitHub. The slideshow then runs on the server, which obviates the need for installing and running the present command on one's local machine. For instance, see https://talks.godoc.org/github.com/jub0bs/poc_present/main.slide.

However, I noticed that SVG assets hosted raw.githubusercontent.com see their URL's host rewritten to rawgithub.202132.xyz. https://rawgithub.202132.xyz permanently redirects to https://rawgit.com, which states that the RawGit project is reaching the end of its life:

RawGit is now in a sunset phase and will soon shut down. It's been a fun five years, but all things must end. [...] If you're currently using RawGit, please stop using it as soon as you can.

(my emphasis)

As a result of this URL rewrite and the RawGit project's status, such SVG assets fail to load (with a 403 response status) in present slides run on talks.godoc.org; for instance, see https://talks.godoc.org/github.com/jub0bs/poc_present/main.slide#2:

Note: a WHOIS lookup confirms that godoc.org is owned by Google; talks.godoc.org is maintained by @dmitshur.

I tracked down the offending URL rewrite to the golang/gddo project, but that project is marked as archived and no longer accepts issues or pull requests. I privately reached out to @julieqiu for guidance on Gophers Slack, who suggested I open an issue about this here.

Relying on RawGit despite its sunset status may have security implications: when RawGit becomes truly defunct, its domain names may be acquired by a malevolent actor who could serve arbitrary SVGs in place of the slideshow's authors'. I've privately reached out to Ryan Grove (RawGit's author) on Twitter, who indicated he has no plans to let domain names rawgithub.202132.xyz and rawgit.com lapse any time soon, but his plans may change, especially if the cost of ownership becomes prohibitive.

Moreover, the ability to run a slideshow on https://talks.godoc.org is valuable to the community, and isn't yet (AFAIK) supported on https://pkg.go.dev. Fixing this issue (by no longer relying on RawGit) would be a good thing.

[seankhliao]

maybe the rewrite could just be removed since github now serves svgs with content-type: image/svg+xml

[jub0bs]

Is there anything I can do to help? Could I submit a patch somewhere (if not on the golang/gddo repo, since it's archived)?

[jub0bs]

No progress in a year and a half on this. I'd like to renew my offer to help, if I can.

[jub0bs]

The problem persists to this day, and rawgithub.202132.xyz expires at the end of January 2023.

Edit (2023/03/07): rawgithub.202132.xyz was renewed until January 2024.

[ncruces]

I tried fixing a documentation link in #36692 and, in the end, no one merged it. 🤷

[lhogan3]

Is there any update on this? I just started receiving 403s for all content I have been trying to access because of this?