Commit 43ae54ba authored by Kevin Burke's avatar Kevin Burke Committed by Brad Fitzpatrick

net/http: document that Dir can serve sensitive directories

Updates #20759.

Change-Id: Ic61dcb6d101ad1491dca535aebb6ee8ee740d013
Reviewed-on: https://go-review.googlesource.com/46468Reviewed-by: 's avatarBrad Fitzpatrick <bradfitz@golang.org>
parent 143bdc27
......@@ -30,6 +30,12 @@ import (
// value is a filename on the native file system, not a URL, so it is separated
// by filepath.Separator, which isn't necessarily '/'.
//
// Note that Dir will allow access to files and directories starting with a
// period, which could expose sensitive directories like a .git directory or
// sensitive files like .htpasswd. To exclude files with a leading period,
// remove the files/directories from the server or create a custom FileSystem
// implementation.
//
// An empty Dir is treated as ".".
type Dir string
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment