author: Eric Covener <covener@apache.org> 2020-03-27 17:48:46 +0100
committer: Eric Covener <covener@apache.org> 2020-03-27 17:48:46 +0100
commit: 58adde718cf55de5d182d5d227b4f30cb8ed1035 (patch)
tree: 759affe6968c4210c7ddc0079ecf0793b564c676
parent: Parentheses around AP_BUCKET_IS_EOR argument.
add userdir same-origin warnings to mod_userdir
Submitted By: Hanno Böck <hanno hboeck.de>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1875785 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- docs/manual/mod/mod_userdir.xml 8
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/manual/mod/mod_userdir.xml b/docs/manual/mod/mod_userdir.xml
index d30cd819fb..0fe76f5f76 100644
--- a/docs/manual/mod/mod_userdir.xml
+++ b/docs/manual/mod/mod_userdir.xml
@@ -29,6 +29,14 @@
<identifier>userdir_module</identifier>
<summary>
+<note type="warning">By using this module you are allowing multiple users
+to host content within the same origin. The same origin policy is a key
+principle of Javascript and web security. By hosting web pages in the same
+origin these pages can read and control each other and security issues in
+one page may affect another. This is particularly dangerous in combination
+with web pages involving dynamic content and authentication and when
+your users don't necessarily trust each other.</note>
+
<p>This module allows user-specific directories to be accessed using the
<code>http://example.com/~user/</code> syntax.</p>
</summary>
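Review bot: The added <note type="warning"> at the top of <summary> names the risk but gives the administrator nothing to act on; consider closing it with one sentence of guidance, for example that serving each user's content from its own hostname places it in a separate origin. Wording in the same note could also be tightened: "same origin policy" is normally written "same-origin policy", "Javascript" should be "JavaScript", and "read and control each other" would be clearer if it said that scripts in one user's pages can read and modify another user's pages on the same host. Finally, the note now precedes the <p> that says what the module does, so a reader meets the warning before the description; placing it after that paragraph would read more naturally.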