diff options
author | Ćukasz Langa <lukasz@langa.pl> | 2022-07-01 16:42:13 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-01 16:42:13 (GMT) |
commit | bd0f2a1955f99dc504d6c7bed495ec2a0ee74859 (patch) | |
tree | 13e4a0ecd19e8ba723721649689ca8b325735487 | |
parent | 51f1ae5ceb0673316c4e4b0175384e892e33cc6e (diff) | |
download | cpython-bd0f2a1955f99dc504d6c7bed495ec2a0ee74859.zip cpython-bd0f2a1955f99dc504d6c7bed495ec2a0ee74859.tar.gz cpython-bd0f2a1955f99dc504d6c7bed495ec2a0ee74859.tar.bz2 |
[3.8] gh-81054: Document that SimpleHTTPRequestHandler follows symbolic links (GH-94416) (GH-94495)
(cherry picked from commit 80aaeabb8bd1e6b49598a7e23e0f8d99b3fcecaf)
Co-authored-by: Sam Ezeh <sam.z.ezeh@gmail.com>
-rw-r--r-- | Doc/library/http.server.rst | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst index d54bd05..0ba5091 100644 --- a/Doc/library/http.server.rst +++ b/Doc/library/http.server.rst @@ -20,7 +20,7 @@ This module defines classes for implementing HTTP servers (Web servers). .. warning:: :mod:`http.server` is not recommended for production. It only implements - basic security checks. + :ref:`basic security checks <http.server-security>`. One class, :class:`HTTPServer`, is a :class:`socketserver.TCPServer` subclass. It creates and listens at the HTTP socket, dispatching the requests to a @@ -477,3 +477,14 @@ the following command uses a specific directory:: the ``--cgi`` option:: python -m http.server --cgi 8000 + +.. _http.server-security: + +Security Considerations +----------------------- + +.. index:: pair: http.server; security + +:class:`SimpleHTTPRequestHandler` will follow symbolic links when handling +requests, this makes it possible for files outside of the specified directory +to be served. |