mirror of https://github.com/actix/actix-website synced 2024-11-27 18:12:57 +01:00

Added warning message for using regex tail matching with PathBuf and NamedFile (#317)

* warning message for using regex tail matching with PathBuf and NamedFile

* updated links and enhanced their formatting

* small grammar fix
Jonas Fassbender 2023-03-04 01:56:14 +01:00 committed by GitHub
parent 04f6f0bd02
commit 9827030543
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -10,15 +10,20 @@ It is possible to serve static files with a custom path pattern and `NamedFile`.
<CodeBlock example="static-files" file="main.rs" section="individual-file" /> <CodeBlock example="static-files" file="main.rs" section="individual-file" />
:::warning
Matching a path tail with the `[.*]` regex and using it to return a `NamedFile` has serious security implications.
It offers the possibility for an attacker to insert `../` into the URL and access every file on the host that the user running the server has access to.
:::
## Directory ## Directory
To serve files from specific directories and sub-directories, `Files` can be used. `Files` must be registered with an `App::service()` method, otherwise it will be unable to serve sub-paths. To serve files from specific directories and sub-directories, [`Files`][files] can be used. `Files` must be registered with an `App::service()` method, otherwise it will be unable to serve sub-paths.
<CodeBlock example="static-files" file="directory.rs" section="directory" /> <CodeBlock example="static-files" file="directory.rs" section="directory" />
By default files listing for sub-directories is disabled. Attempt to load directory listing will return _404 Not Found_ response. To enable files listing, use [_Files::show_files_listing()_][showfileslisting] method. By default files listing for sub-directories is disabled. Attempt to load directory listing will return _404 Not Found_ response. To enable files listing, use [`Files::show_files_listing()`][showfileslisting] method.
Instead of showing files listing for directory, it is possible to redirect to a specific index file. Use the [_Files::index_file()_][indexfile] method to configure this redirect. Instead of showing files listing for a directory, it is possible to redirect to a specific index file. Use the [`Files::index_file()`][indexfile] method to configure this redirect.
## Configuration ## Configuration
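Review bot: In the added `:::warning` block, `[.*]` is not a tail-match pattern: read as a regex it is a character class that matches a single literal `.` or `*`, so readers cannot map the warning onto their own routes. Quote the exact route pattern used by the `individual-file` example directly above instead. The commit title also names `PathBuf`, but the warning text never mentions it; say explicitly that the risk arises when the matched tail is turned into a `PathBuf` and passed to `NamedFile` without validation. Finally, the warning states the risk but gives no remedy; a closing sentence pointing to `Files` in the "Directory" section just below would tell readers what to use instead.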
@ -36,5 +41,6 @@ The Configuration can also be applied to directory service:
<CodeBlock example="static-files" file="configuration_two.rs" section="config-two" /> <CodeBlock example="static-files" file="configuration_two.rs" section="config-two" />
[showfileslisting]: https://docs.rs/actix-files/0.2/actix_files/struct.Files.html [files]: https://docs.rs/actix-files/0.6/actix_files/struct.Files.html#
[indexfile]: https://docs.rs/actix-files/0.2/actix_files/struct.Files.html#method.index_file [showfileslisting]: https://docs.rs/actix-files/0.6/actix_files/struct.Files.html#method.show_files_listing
[indexfile]: https://docs.rs/actix-files/0.6/actix_files/struct.Files.html#method.index_file
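Review bot: The new `[files]` link definition ends in a bare `#` (`struct.Files.html#`) with an empty fragment; drop the trailing `#` so it matches the style of the two method links. Separately, all three URLs are pinned to `0.6`, which is how the previous `0.2` links went stale; consider the docs.rs `latest` path unless the page is meant to track a specific release.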