Merge r1875785 from trunk:

author Eric Covener <covener@apache.org>

Fri, 27 Mar 2020 16:49:14 +0000 (16:49 +0000)

committer Eric Covener <covener@apache.org>

Fri, 27 Mar 2020 16:49:14 +0000 (16:49 +0000)
author Eric Covener <covener@apache.org>
Fri, 27 Mar 2020 16:49:14 +0000 (16:49 +0000)
committer Eric Covener <covener@apache.org>
Fri, 27 Mar 2020 16:49:14 +0000 (16:49 +0000)
diff --git a/docs/manual/mod/mod_userdir.xml b/docs/manual/mod/mod_userdir.xml

index d30cd819fb837d042095ed4af7ecd440f65bb687..0fe76f5f7694433ec64bebd0156b391907256c54 100644 (file)
--- a/docs/manual/mod/mod_userdir.xml
+++ b/docs/manual/mod/mod_userdir.xml
@@ -29,6 +29,14 @@
  <identifier>userdir_module</identifier>
  
  <summary>
+<note type="warning">By using this module you are allowing multiple users
+to host content within the same origin. The same origin policy is a key
+principle of Javascript and web security. By hosting web pages in the same
+origin these pages can read and control each other and security issues in
+one page may affect another. This is particularly dangerous in combination
+with web pages involving dynamic content and authentication and when
+your users don't necessarily trust each other.</note>
+
  <p>This module allows user-specific directories to be accessed using the
  <code>http://example.com/~user/</code> syntax.</p>
  </summary>
author	Eric Covener <covener@apache.org>
	Fri, 27 Mar 2020 16:49:14 +0000 (16:49 +0000)
committer	Eric Covener <covener@apache.org>
	Fri, 27 Mar 2020 16:49:14 +0000 (16:49 +0000)