Posted to cvs@httpd.apache.org by co...@apache.org on 2020/03/27 16:49:14 UTC

svn commit: r1875786 - in /httpd/httpd/branches/2.4.x: ./ docs/manual/mod/mod_userdir.xml

Author: covener
Date: Fri Mar 27 16:49:14 2020
New Revision: 1875786

URL: http://svn.apache.org/viewvc?rev=1875786&view=rev
Log:
Merge r1875785 from trunk:

add userdir same-origin warnings to mod_userdir

Submitted By: Hanno Böck <hanno hboeck.de>


Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_userdir.xml

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1875785

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_userdir.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_userdir.xml?rev=1875786&r1=1875785&r2=1875786&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_userdir.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_userdir.xml Fri Mar 27 16:49:14 2020
@@ -29,6 +29,14 @@
 <identifier>userdir_module</identifier>
 
 <summary>
+<note type="warning">By using this module you are allowing multiple users
+to host content within the same origin. The same origin policy is a key
+principle of Javascript and web security. By hosting web pages in the same
+origin these pages can read and control each other and security issues in
+one page may affect another. This is particularly dangerous in combination
+with web pages involving dynamic content and authentication and when
+your users don't necessarily trust each other.</note>
+
 <p>This module allows user-specific directories to be accessed using the
 <code>http://example.com/~user/</code> syntax.</p>
 </summary>
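
Review bot: the added warning is placed at the top of <summary>, ahead of the paragraph that says what the module does, so a reader is told "By using this module you are allowing multiple users to host content within the same origin" before learning that the module serves per-user directories under http://example.com/~user/. Consider moving the note below that <p>, or mentioning the ~user URL form inside the warning so it explains on its own why the pages share an origin. Two smaller points: "Javascript" is normally spelled "JavaScript", and the note describes the risk without saying what an administrator should do when users do not trust each other, so a closing sentence pointing to an alternative or mitigation would make it actionable.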