1
0
mirror of https://github.com/actix/actix-website synced 2024-11-27 18:12:57 +01:00

static-files: Fix warning annotation (#344)

This commit is contained in:
Yuki Okushi 2023-11-11 19:56:51 +09:00 committed by GitHub
parent 389681aa07
commit 6fea6cd0ca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -10,7 +10,9 @@ It is possible to serve static files with a custom path pattern and `NamedFile`.
<CodeBlock example="static-files" file="main.rs" section="individual-file" /> <CodeBlock example="static-files" file="main.rs" section="individual-file" />
:::warning Matching a path tail with the `[.*]` regex and using it to return a `NamedFile` has serious security implications. It offers the possibility for an attacker to insert `../` into the URL and access every file on the host that the user running the server has access to. ::: :::warning
Matching a path tail with the `[.*]` regex and using it to return a `NamedFile` has serious security implications. It offers the possibility for an attacker to insert `../` into the URL and access every file on the host that the user running the server has access to.
:::
## Directory ## Directory