diff options
| author | Sam Ezeh <sam.z.ezeh@gmail.com> | 2022-07-01 16:21:27 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-01 16:21:27 (GMT) |
| commit | 80aaeabb8bd1e6b49598a7e23e0f8d99b3fcecaf (patch) | |
| tree | 122df76e1c7efcdee8a8d691f4efa943b3f274d3 /Doc/library/http.server.rst | |
| parent | ad55147c1d5dbfc23d2ec4554f5e82c18984158c (diff) | |
| download | cpython-80aaeabb8bd1e6b49598a7e23e0f8d99b3fcecaf.zip cpython-80aaeabb8bd1e6b49598a7e23e0f8d99b3fcecaf.tar.gz cpython-80aaeabb8bd1e6b49598a7e23e0f8d99b3fcecaf.tar.bz2 | |
gh-81054: Document that SimpleHTTPRequestHandler follows symbolic links (GH-94416)
Diffstat (limited to 'Doc/library/http.server.rst')
| -rw-r--r-- | Doc/library/http.server.rst | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst index 9d5e5e3..3bb7294 100644 --- a/Doc/library/http.server.rst +++ b/Doc/library/http.server.rst @@ -20,7 +20,7 @@ This module defines classes for implementing HTTP servers. .. warning:: :mod:`http.server` is not recommended for production. It only implements - basic security checks. + :ref:`basic security checks <http.server-security>`. One class, :class:`HTTPServer`, is a :class:`socketserver.TCPServer` subclass. It creates and listens at the HTTP socket, dispatching the requests to a @@ -499,3 +499,14 @@ following command runs an HTTP/1.1 conformant server:: the ``--cgi`` option:: python -m http.server --cgi + +.. _http.server-security: + +Security Considerations +----------------------- + +.. index:: pair: http.server; security + +:class:`SimpleHTTPRequestHandler` will follow symbolic links when handling +requests, this makes it possible for files outside of the specified directory +to be served. |