14

I have been looking for a place to store some of my XML schemas publicly without actually having to host them. I decided GitHub Pages would be the ideal platform. I was correct except that I cannot figure out how to turn off SSL/TLS. When I try to fetch my pages with plain old HTTP I get a 301 Moved Permanently response.

So obviously this isn't a big deal. Worst case scenario it takes a little longer to download my schemas, and people generally only use schemas that they've already cached anyway. But is there really no way to turn this off?

William Rosenbloom
  • 2,506
  • 1
  • 14
  • 37
  • Why not just make the request over HTTPS? – Xiong Chiamiov Mar 27 '17 at 23:55
  • Because it is simple to proxy HTTP. And it is safe if you verify the hash afterwards. With HTTPS you need to distribute your root certificate to use a proxy. That is one of the reasons why linux packages are often downloaded using http. – Morty Oct 22 '20 at 12:04

2 Answers2

11

From github help :

HTTPS enforcement is required for GitHub Pages sites created after June 15, 2016 and using a github.io domain.

So, you have two solutions :

  • find a github.io repository older than June 15, 2016
  • set a custom domain name on your github.io
David Jacquel
  • 51,670
  • 6
  • 121
  • 147
3

But is there really no way to turn this off?

No, and a simple curl -L would follow the redirection and get you the page content anyway.

For instance (get an xml file in a tree structure):

vonc@vonvb C:\test
> curl --create-dirs -L -o .repo/local_manifests/local_manifest.xml -O -L https://raw.githubusercontent.com/legaCyMod/android_local_manifest/cm-11.0/local_manifest.xml
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   530  100   530    0     0   1615      0 --:--:-- --:--:-- --:--:--  1743

vonc@voncvb C:\test
> tree /F .
C:\TEST
└───.repo
    └───local_manifests
            local_manifest.xml
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • I understand that I can follow redirects, but a redirect from HTTP to HTTPS takes even longer than HTTPS alone. – William Rosenbloom Aug 16 '16 at 20:33
  • @WilliamRosenbloom True, I agree. Is that a concern in your case though? Do you have to fetch that many pages in such a short period that the redirect overhead begins to have an actual impact? – VonC Aug 16 '16 at 20:47
  • No honestly none of this ***really*** matters at the moment. I even admit that in the last paragraph of my question. I'm just curious because it seems like the convention is to use plain HTTP and I feel like that would be more professional. – William Rosenbloom Aug 16 '16 at 20:49
  • @WilliamRosenbloom with http2, the convention shifts more and more to https. (https://http2.github.io/faq/#does-http2-require-encryption) – VonC Aug 16 '16 at 21:23