Type: Suggestion
Resolution: Unresolved
Component/s: Security - XSS
As a Bitbucket Data Center administrator, I need to configure multiple hostnames (e.g., one for internal network access and one for external/internet access) without triggering XSRF check failures or forced redirects to the configured base URL.
Currently, Bitbucket only supports a single base URL. When users access the instance via an alternative hostname:
- They are redirected to the configured base URL
- POST requests fail with 403 "XSRF check failed" because the browser's Origin header doesn't match the configured base URL
Use case:
- Internal users access via internal.company.com (resolves to private IP)
- External users access via external.company.com (resolves to public-facing IP/load balancer)
- Both should work without XSRF failures or redirect loops
Current workaround: Split-horizon DNS (a single hostname resolving to different IPs depending on the network). This works, but it adds DNS complexity and isn't feasible in every network environment.
Related (closed) in the past: BSERV-8481
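The failure described above comes from an Origin-header comparison: a POST is refused when the browser's Origin does not match the configured base URL. The following is an added example, not Bitbucket's own code or algorithm, of such a check written in Python. It shows the single-base-URL behaviour the ticket describes and the multi-hostname allowlist the suggestion asks for, and it handles the cases a practitioner would want covered: default ports, case differences, the literal `null` origin, a missing Origin header (falling back to Referer), and a scheme mismatch. The hostnames and the `xsrf_check`/`normalize_origin` helpers are constructed for this illustration.

```python
from urllib.parse import urlsplit

# Constructed example, not Bitbucket's implementation: an Origin-header XSRF
# check that compares the request's origin against an allowlist of base URLs.

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(url):
    """Reduce a URL or Origin header value to (scheme, host, port).

    Default ports are filled in so that "https://host" and "https://host:443"
    compare equal. Returns None for the literal "null" origin (sent for opaque
    or sandboxed origins), an unsupported scheme, or a malformed value.
    """
    if not url or url.strip().lower() == "null":
        return None
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        return None
    return (scheme, parts.hostname.lower(), port if port is not None else DEFAULT_PORTS[scheme])


def request_origin(headers):
    """Origin of a request: the Origin header if present (even "null"), else Referer.

    Header names are matched case-insensitively. Returns None when neither is usable.
    An Origin of "null" deliberately does not fall through to Referer.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    if "origin" in lowered:
        return normalize_origin(lowered["origin"])
    return normalize_origin(lowered.get("referer"))


def xsrf_check(headers, allowed_base_urls):
    """Decide whether a state-changing request may proceed; returns (ok, reason).

    With one base URL this is the behaviour the ticket describes: a POST from any
    other hostname is refused. Passing every hostname the instance is served under
    is the multi-hostname behaviour the suggestion asks for.
    """
    allowed = {normalize_origin(u) for u in allowed_base_urls}
    allowed.discard(None)
    origin = request_origin(headers)
    if origin is None:
        return False, "XSRF check failed: no usable Origin or Referer header"
    if origin not in allowed:
        return False, "XSRF check failed: origin %s://%s:%d is not an allowed base URL" % origin
    return True, "ok"


def demo():
    """Walk through the ticket's scenario with constructed request headers."""
    single = ["https://external.company.com"]
    both = ["https://external.company.com", "https://internal.company.com"]
    internal_post = {"Origin": "https://internal.company.com"}
    attacker_post = {"Origin": "https://attacker.example"}
    results = {
        "internal user, single base URL": xsrf_check(internal_post, single),
        "internal user, both hostnames allowed": xsrf_check(internal_post, both),
        "cross-site attacker, both hostnames allowed": xsrf_check(attacker_post, both),
    }
    for label, (ok, reason) in results.items():
        print(f"{label}: {'allowed' if ok else 'refused'} ({reason})")
    return results


if __name__ == "__main__":
    demo()
```

The allowlist must come from explicit administrator configuration. Deriving it from the incoming Host header would let an attacker who controls that header make any origin "match", which defeats the check. The redirect-to-base-URL behaviour the ticket also mentions is a separate mechanism and is not modelled here.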