[3.7] gh-81054: Document that SimpleHTTPRequestHandler follows symbolic links (GH...

author Łukasz Langa <lukasz@langa.pl>

Fri, 1 Jul 2022 16:50:36 +0000 (18:50 +0200)

committer GitHub <noreply@github.com>

Fri, 1 Jul 2022 16:50:36 +0000 (18:50 +0200)
author Łukasz Langa <lukasz@langa.pl>
Fri, 1 Jul 2022 16:50:36 +0000 (18:50 +0200)
committer GitHub <noreply@github.com>
Fri, 1 Jul 2022 16:50:36 +0000 (18:50 +0200)
diff --git a/Doc/library/http.server.rst b/Doc/library/http.server.rst

index 7e317cd8bc2ba8dd75f281a6b7c0863a38b88b80..a93362d96f13f42d8b00a90a72d6de345b729220 100644 (file)
--- a/Doc/library/http.server.rst
+++ b/Doc/library/http.server.rst
@@ -19,7 +19,7 @@ This module defines classes for implementing HTTP servers (Web servers).
  .. warning::
  
      :mod:`http.server` is not recommended for production. It only implements
-    basic security checks.
+    :ref:`basic security checks <http.server-security>`.
  
  One class, :class:`HTTPServer`, is a :class:`socketserver.TCPServer` subclass.
  It creates and listens at the HTTP socket, dispatching the requests to a
@@ -470,3 +470,14 @@ the following command uses a specific directory::
  the ``--cgi`` option::
  
          python -m http.server --cgi 8000
+
+.. _http.server-security:
+
+Security Considerations
+-----------------------
+
+.. index:: pair: http.server; security
+
+:class:`SimpleHTTPRequestHandler` will follow symbolic links when handling
+requests, this makes it possible for files outside of the specified directory
+to be served.
author	Łukasz Langa <lukasz@langa.pl>
	Fri, 1 Jul 2022 16:50:36 +0000 (18:50 +0200)
committer	GitHub <noreply@github.com>
	Fri, 1 Jul 2022 16:50:36 +0000 (18:50 +0200)