Hi there @huehnerlady! We experimented with a few different ways to have a nicer pattern for the default subdomain of private pages sites, but ultimately decided that the generated name was the only way to ensure the default URL was secure. Due to the Same-Origin policy, if the page was served from the path like it is for public pages sites, the content on the site would be at risk of XSS style attacks, and is therefore not supported for internal/private pages.
The pattern where
myorga.github.io/myrepo redirects to the authenticated (internal) page is intended to serve a similar use case to a URL shortener; meaning the easier to remember URL ultimately is responsible for looking up the domain name of the internal page and redirecting users so that the content is served securely from the site’s unique origin.
The other option for a cleaner domain is to add a custom domain to the internal site. Since the custom domain is a unique origin, it’s more secure than using path-based routing, and allows you full control of the URL of the page.
Hope that helps explain what’s going on!