Configuration Guide - Pages for Bitbucket
Configuration
Pages for Bitbucket has Global and Repository configuration levels.
Global configuration
Click the Administration icon > Pages configuration to open the Pages configuration page.
Pages for Bitbucket User Documentation - Click this link to open the user documentation on a separate browser tab.
Pages in personal repositories
Allow for groups - Select the Bitbucket groups that are allowed to enable pages for the personal repositories included in that group. Leave this field blank to disable pages in personal repositories
External Domain
Pages Domain - If an external domain is enabled, all pages become public. Configuring the Pages for Bitbucket Server to serve via an external domain allows you to host arbitrary Javascript and CSS without the risk of XSS vulnerabilities. See Using external domain for pages for more information.
Insecure JavaScript / HTML / CSS sanitization options
Project’s repositories -
Disable all insecure content - Render text content only. Does not include CSS and Javascript code.
Allow CSS only - Support CSS styling of pages. Does not include Javascript code from pages.
Allow all insecure content - Support both Javascript and CSS on the page, and use only with private or fully trusted repositories.
Personal repositories -
Inherit from projects repositories - Use the same settings as the one set in the Project repositories field.
Disable all insecure content - Render text content only. Does not include CSS and Javascript code.
Allow CSS only - Support CSS styling of pages. Does not include Javascript code from pages.
Allow all insecure content - Support both Javascript and CSS on the page, and use only with private or fully trusted repositories.
When all fields have been configured, click Save.
Repository configuration
Select a repository, then click Repository settings > Web Pages to open the Repository settings page.
Security levels
Select one of the following web page content protection levels from the Allow insecure Javascript / HTML / CSS content field:
Allow all insecure content - Support both Javascript and CSS on the page, and use only with private or fully trusted repositories.
Allow CSS only - Support CSS styling of pages. Does not include Javascript code from pages.
Disable all insecure content - Render text content only. Does not include CSS and Javascript code.
Enter the path used as root of web server in the Sub-folder to serve field. Using this option limits access to the repository through the web server. Only the contents of the specified folder are served as pages.
Enable branches
If the Automatically enable pages for new branches in this repository option is enabled, the web page link is enabled for all newly created branches. You can also manually enable or disable particular branches or tags.
Web Page navigation link
If a branch link is enabled, you can select it to be used with the Web Page button in the navigation bar:
only one branch can be selected, and tags not used
default branch is selected by default
turn off the branch link to hide the Web Page button
Pages for Bitbucket vs. websites on Bitbucket Cloud
The main difference between Pages for Bitbucket and the websites feature of Bitbucket Cloud is that Pages supports websites on a repository level, not just on the account level. This brings the following advantages when compared to Bitbucket Cloud:
Websites on Bitbucket Cloud | Pages for Bitbucket |
---|---|
Only publish one repository per user. | Publish as many repositories as you want. |
Only publish a single branch of the repository. | Serve static web pages from any branch or tag. |
The website is public on the internet. Anyone with the URL can access it. | Uses the permissions of the underlying repository, which allows you to control who can access the pages. |
Only serve a website when the site's URL is | Use the custom domain you’ve configured through your Bitbucket DC. See Using External Domain for Pages for more information. |