Mercurial > p > roundup > code
comparison doc/customizing.txt @ 7094:570abc4c6548
Improve documention on access to templates and static_files.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Wed, 30 Nov 2022 02:22:21 -0500 |
| parents | ff2c8b430738 |
| children | 519fb6dca72b |
comparison
equal
deleted
inserted
replaced
| 7093:f72ce883e677 | 7094:570abc4c6548 |
|---|---|
| 2307 ---------------------- | 2307 ---------------------- |
| 2308 | 2308 |
| 2309 See the previous section `determining web context`_ where it describes | 2309 See the previous section `determining web context`_ where it describes |
| 2310 ``@@file`` paths. | 2310 ``@@file`` paths. |
| 2311 | 2311 |
| 2312 These files are served without any permission checks. Any user on the | |
| 2313 internet with the url can download the file. | |
| 2314 | |
| 2315 This is rarely an issue since the html templates are just source code | |
| 2316 and much of it can be found in the Roundup repository. Other | |
| 2317 decoration (logos, stylesheets) are similarly not security sensitive. | |
| 2318 You can use the static_files setting in config.ini to eliminate | |
| 2319 access to the templates directory if desired. | |
| 2320 | |
| 2321 If a file resolves to a symbolic link, it is not served. | |
| 2312 | 2322 |
| 2313 Performing actions in web requests | 2323 Performing actions in web requests |
| 2314 ---------------------------------- | 2324 ---------------------------------- |
| 2315 | 2325 |
| 2316 When a user requests a web page, they may optionally also request for an | 2326 When a user requests a web page, they may optionally also request for an |