custom domains only support CNAMEs not direct proxying (BB-8377)

Issue #7192 wontfix
Declan Conlon
created an issue

I have a proxy which allows me to directly connect to rather than through CNAME redirection.

I suggest that there should be a "waive rights to complain" mode where you just honour the HOST header wrt the associated repo.

The main motivation for this is to not require a subdomain, e.g. points to a proxy(notably because the proxy and the DNS server need to be co-located) rather than some spurious extra www or suchlike. So would internally map to

Comments (2)

  1. Brodie Rao

    I've put this in our backlog for others to mull over (during our next triage session), but I personally have some reservations with doing this.

    CNAMEs already have some security problems (no SSL, phishing). When you log into a CNAME site on Bitbucket, the log in happens through that domain name. If we allow sites to proxy to Bitbucket, we'd be letting people handle Bitbucket credentials, which obviously isn't great.

  2. Log in to comment