1. Bitbucket
  2. Public Issue Tracker
  3. master
  4. Issues

Issues

Issue #10175 invalid

Maven SiteDoc support: Permit publishing HTML on the Wiki

Lennart Jörelid
created an issue

Maven has a comprehensive site documentation system which uses the maven-site-plugin (and other plugins, such as maven-plantuml-plugin, cobertura-maven-plugin, maven-javadoc-plugin etc.) to generate HTML documentation from a slush of markup languages and resources.

The result of running mvn site is generated as HTML and corresponding resources (images, CSS etc.). I used to simply check in the result of the Maven Site documentation in the wiki - but nowadays Bitbucket does not serve HTML pages with the "text/html" mimetype implying that the site documentation is not visible.

Could you guys please re-introduce support for premade HTML so we can use the Maven site documentation generated by our project as our wiki documentation?

Comments (8)

  1. Lennart Jörelid reporter

    This issue is somewhat related to the other "HTML in markdown"-support issues, but simpler.

    Basically, could you ensure that Wiki documents with the suffix html or htm are served with the mime type text/html instead of text/plain?

  2. Erik van Zijst staff

    No, we cannot do that.

    The wiki pages are hosted on the bitbucket.org domain. This means that any html/js that is served off of it (like you Cobertura reports) can make request to Bitbucket using the user's cookie, thereby compromising people's accounts. This is the reason that we very deliberately serve HTML as text/plain and not as as text/html.

    The only place where you can serve actual HTML is on hosted repos (see https://confluence.atlassian.com/display/BITBUCKET/Publishing+a+Website+on+Bitbucket) and so as a workaround you could make a script that publishes your HTML reports by committing them to your hosted repo. You can then link to them from the wiki.

  3. Lennart Jörelid reporter

    I don't follow.

    Why would bitbucket.org accept an unauthenticated request from a HTML document served off of the bytebucket.org domain? If you are concerned about the content in the documents, it seems that actual support for Maven site documentation within bitbucket.org would solve that problem (i.e. implying you could validate whatever markup, CSS or script which was generated for compliance).

  4. Erik van Zijst staff

    Why would bitbucket.org accept an unauthenticated request from a HTML document served off of the bytebucket.org domain?

    You are quite right, static wiki content (anything that doesn't end in .wiki) is served off of bytebucket.org and indeed, rendered content there shouldn't pose any risk.

    However, the bytebucket.org domain is intended to provide a way for us to safely serve up rendered content (images, really) that is part if of a wiki page. Since some image formats are susceptible to in-browser exploits, we need to serve them off a different domain.

    Since bytebucket.org is an entirely separate service for which we do not issue cookies, when you view a private wiki page that needs to load an image, we add a temporary auth token to the URL. This token is validated by bytebucket.org so that only users that have access to the private wiki page can access its static content.

    It's this token that makes serving static HTML sites off of a (private) wiki problematic, even if we served it as text/html.

    On your Home.wiki landing page you could list a link to you cobertura/index.html and Bitbucket would slap an auth token onto the URL so that you can click the link and render the page, but any link inside the static HTML would lack those tokens and would therefore result in 403s.

    To do what you want you should probably look at hosted repos. They are intended to serve static content and they do not suffer from the auth token problem, as every hosted repo is always public.

    Hope this clarifies the situation a bit.

  5. Log in to comment