ほんとは BBS-40162 にダイレクトに誘導したいんだけど、おそらくこれ、ワタシしか読めないんじゃないかと思われるので、丸ごと引用しとく(英語の間違いには気付いたが編集できないんでほったらかし)。なんかね、「January 16th, 2017. After March 1st, 2017」まで待てばいいんだぜぃ、言われとるような気がしてるのだが、こっちに言わせりゃ、をぃをぃ、半年もこの不健全な状態続けさせるわけ? と思ったりすんのな。次の反応によってはそういうツッコミ入れちゃうかもしんない。
Your request status changed to Atlassian Investigating.
Questions and New Request;
In the first place, `my mistakes’ is came from the fact that though it is considered `phrase contains accountname’ (in my situation, it is `src.hhsprings’) is `accountname’ but we can’t notice it, because https://confluence.atlassian.com/bitbucket/publishing-a-website-on-bitbucket-cloud-221449776.html is just saying “Name it using the following format: accountname.bitbucket.org.”. You need the example which corresponds to my case, don’t you?
I’d planed to move the isolated ‘src.hhsprings.bitbucket.org’ repository to the other existed repository, i.e., I wanted to delete it, but your mail was incoming. What will be happen if I delete ‘src.hhsprings.bitbucket.org’ repository?
For now, access to `https://src.hhsprings.bitbucket.org/‘ is still rejected (exactly saying `is received warning’) by the browser. If I wait, may I think that it will be fixed? When? (But actually in my case, `https://hhsprings.bitbucket.org/‘ is real the case.)
By the way…`self hosted certs’ you mention is what? As I wrote it for the first issue, I have not ever considered to host my static website as https, so I have not ever considered certificates too.
‘src.hhsprings.bitbucket.org’ was just my private repository I thought, but `https://hhsprings.bitbucket.org/‘ is true `static website’ I intended, but to this, it does not seem to be considered as `added SSL for your security`. Please add SSL to it rather than `https://src.hhsprings.bitbucket.org/‘.
Your request status changed to Waiting For Customer.
The Bitbucket Cloud platform only supports secure browsing through https except for the hosted static sites. This is a clear security hole for the platform, and therefore we are taking action to close this hole. The new .io hosting will use the same certificates that we currently use for the Bitbucket Cloud platform, so there should be no issue with users accessing the static site. If you use a configuration within that repo that uses self hosted certs, or non https standards, then this will not be supported when we make the switch. There are no plans to change this in any way, and the change is a matter of protecting all of our end users. Feel free to let me know if you have any questions.
Senior Bitbucket Support Engineer
Your request status changed to Internal Escalation.
Ronald Chia [Atlassian]
Thank you for contacting Atlassian Support in regards your concern.
I’m afraid that the static websites that we provided do allow any user to access the webpage as long they have the URL even thou the source is from a private repository.
As you can see from our documentation below:
As regards to the SSL question that you mention, please allow me to review it with our senior member of the team.
We will provide you with an official respond as soon as possible.
Thank you for your understanding.
- Please add any details that might help us help you.
To me, email was sent from Atlassian Bitbucket:
We’re emailing you because you host a static website using Bitbucket.
You can now access your site using https://src.hhsprings.bitbucket.io -
we’ve added SSL for your security.
Don’t worry: your site is still accessible at http://src.hhsprings.bitbucket.org.
We will begin automatically redirecting traffic from the .org TLD to .io on
January 16th, 2017. After March 1st, 2017,
requests to http://src.hhsprings.bitbucket.org will no longer be supported.
HTTPS is required for all requests to https://src.hhsprings.bitbucket.io.
Please update any links or references to http://src.hhsprings.bitbucket.org
to instead point to https://src.hhsprings.bitbucket.io. If you have any
questions, please refer to
The Bitbucket team
First, src.hhsprings.bitbucket.org is my PRIVATE repository for managing contents and sources for http://hhsprings.bitbucket.org.
Second, access to “https” would be rejected by the browsers, because certificates are self-signed.
(Third, generally, I am not going to host static website on bitbucket If SSL is required.)
Reffered link doesn’t answer to my question. If we will have to use SSL always, please consider the problem for certificates.
- Level 4
- Customer Timezone