Details
-
Bug
-
Resolution: Fixed
-
Low
Description
Hi,
The virtual host bitbucket.org. (notice the trailing .) does not redirect to bitbucket.org (without trailing .). You can thus browse all of bitbucket at http://bitbucket.org.. This breaks things like the CSRF protection that expect bitbucket.org to be the hostname.
Regards,