You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by co...@apache.org on 2020/03/27 16:48:46 UTC

svn commit: r1875785 - /httpd/httpd/trunk/docs/manual/mod/mod_userdir.xml

Author: covener
Date: Fri Mar 27 16:48:46 2020
New Revision: 1875785

URL: http://svn.apache.org/viewvc?rev=1875785&view=rev
Log:
add userdir same-origin warnings to mod_userdir

Submitted By: Hanno Böck <hanno hboeck.de>

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_userdir.xml

Modified: httpd/httpd/trunk/docs/manual/mod/mod_userdir.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_userdir.xml?rev=1875785&r1=1875784&r2=1875785&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_userdir.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_userdir.xml Fri Mar 27 16:48:46 2020
@@ -29,6 +29,14 @@
 <identifier>userdir_module</identifier>
 
 <summary>
+<note type="warning">By using this module you are allowing multiple users
+to host content within the same origin. The same origin policy is a key
+principle of Javascript and web security. By hosting web pages in the same
+origin these pages can read and control each other and security issues in
+one page may affect another. This is particularly dangerous in combination
+with web pages involving dynamic content and authentication and when
+your users don't necessarily trust each other.</note>
+
 <p>This module allows user-specific directories to be accessed using the
 <code>http://example.com/~user/</code> syntax.</p>
 </summary>