actix/actix-website
1
0
Fork 0
mirror of https://github.com/actix/actix-website synced 2024-11-24 00:41:07 +01:00
Code Issues Releases Wiki Activity

static-files: Fix warning annotation (#344)

Browse Source
This commit is contained in:
Yuki Okushi 2023-11-11 19:56:51 +09:00 committed by GitHub
parent 389681aa07
commit 6fea6cd0ca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/static-files.md
View File

@ -10,7 +10,9 @@ It is possible to serve static files with a custom path pattern and `NamedFile`.
<CodeBlock example="static-files" file="main.rs" section="individual-file" /> <CodeBlock example="static-files" file="main.rs" section="individual-file" />
:::warning Matching a path tail with the `[.*]` regex and using it to return a `NamedFile` has serious security implications. It offers the possibility for an attacker to insert `../` into the URL and access every file on the host that the user running the server has access to. ::: :::warning
Matching a path tail with the `[.*]` regex and using it to return a `NamedFile` has serious security implications. It offers the possibility for an attacker to insert `../` into the URL and access every file on the host that the user running the server has access to.
:::
## Directory ## Directory