Fossil SCM
Enhance the CGI extension documentation to point out that CGI extensions are accessible to all users and that access control is the responsibility of the individual extensions.
Commit
30894085f42dc5c8d99f0571c73689ac9e45a9c8ddd26ab8d84218395ade74c2
Parent
7c511caeccf09ce…
1 file changed
+21
-1
| --- www/serverext.wiki | ||
| +++ www/serverext.wiki | ||
| @@ -274,11 +274,31 @@ | ||
| 274 | 274 | If a CGI program requires separate data files, it is safe to put those |
| 275 | 275 | files in the same directory as the CGI program itself as long as the names |
| 276 | 276 | of the data files contain special characters that cause them to be ignored |
| 277 | 277 | by Fossil. |
| 278 | 278 | |
| 279 | -<h2>6.0 Trouble-Shooting Hints</h2> | |
| 279 | +<h2>6.0 Access Permissions</h2> | |
| 280 | + | |
| 281 | +CGI extension files and programs are accessible to everyone. | |
| 282 | + | |
| 283 | +When CGI extensions have been enabled (using either "extroot:" in the | |
| 284 | +CGI file or the --extroot option for other server methods) all files | |
| 285 | +in the extension root directory hierarchy, except special filenames | |
| 286 | +identified previously, are accessible to all users. Users do not | |
| 287 | +have to have "Read" privilege, or any other privilege, in order to | |
| 288 | +access the extensions. | |
| 289 | + | |
| 290 | +This is by design. The CGI extension mechanism is intended to operate | |
| 291 | +in the same way as a traditional web-server. | |
| 292 | + | |
| 293 | +CGI programs that want to restrict access | |
| 294 | +can examine the FOSSIL_CAPABILITIES and/or FOSSIL_USER environment variables. | |
| 295 | +In other words, access control is the responsibility of the individual | |
| 296 | +extension programs. | |
| 297 | + | |
| 298 | + | |
| 299 | +<h2>7.0 Trouble-Shooting Hints</h2> | |
| 280 | 300 | |
| 281 | 301 | Remember that the /ext will return any file in the extroot directory |
| 282 | 302 | hierarchy as static content if the file is readable but not executable. |
| 283 | 303 | When initially setting up the /ext mechanism, it is sometimes helpful |
| 284 | 304 | to verify that you are able to receive static content prior to starting |
| 285 | 305 |
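Review bot: New section 6.0 ends by making access control "the responsibility of the individual extension programs", but static files under extroot have no program that could perform that check. The trailing context (new lines 301-302) says /ext returns any readable, non-executable file as static content, so such files are served to every user unconditionally. Suggest adding a sentence after "extension programs." stating that static content in the extension root cannot be access-restricted, and that sensitive data files must either use the special ignored filenames described at lines 274-277 or live outside the extroot hierarchy. The paragraph at new lines 293-294 names FOSSIL_CAPABILITIES and FOSSIL_USER without saying what values they carry. A short description or a cross-reference would help, along with advice that an extension should deny the request when the variable is missing or lacks the expected capability. Minor style point: new lines 297-298 leave two consecutive blank lines before the 7.0 heading.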
| --- www/serverext.wiki | |
| +++ www/serverext.wiki | |
| @@ -274,11 +274,31 @@ | |
| 274 | If a CGI program requires separate data files, it is safe to put those |
| 275 | files in the same directory as the CGI program itself as long as the names |
| 276 | of the data files contain special characters that cause them to be ignored |
| 277 | by Fossil. |
| 278 | |
| 279 | <h2>6.0 Trouble-Shooting Hints</h2> |
| 280 | |
| 281 | Remember that the /ext will return any file in the extroot directory |
| 282 | hierarchy as static content if the file is readable but not executable. |
| 283 | When initially setting up the /ext mechanism, it is sometimes helpful |
| 284 | to verify that you are able to receive static content prior to starting |
| 285 |
| --- www/serverext.wiki | |
| +++ www/serverext.wiki | |
| @@ -274,11 +274,31 @@ | |
| 274 | If a CGI program requires separate data files, it is safe to put those |
| 275 | files in the same directory as the CGI program itself as long as the names |
| 276 | of the data files contain special characters that cause them to be ignored |
| 277 | by Fossil. |
| 278 | |
| 279 | <h2>6.0 Access Permissions</h2> |
| 280 | |
| 281 | CGI extension files and programs are accessible to everyone. |
| 282 | |
| 283 | When CGI extensions have been enabled (using either "extroot:" in the |
| 284 | CGI file or the --extroot option for other server methods) all files |
| 285 | in the extension root directory hierarchy, except special filenames |
| 286 | identified previously, are accessible to all users. Users do not |
| 287 | have to have "Read" privilege, or any other privilege, in order to |
| 288 | access the extensions. |
| 289 | |
| 290 | This is by design. The CGI extension mechanism is intended to operate |
| 291 | in the same way as a traditional web-server. |
| 292 | |
| 293 | CGI programs that want to restrict access |
| 294 | can examine the FOSSIL_CAPABILITIES and/or FOSSIL_USER environment variables. |
| 295 | In other words, access control is the responsibility of the individual |
| 296 | extension programs. |
| 297 | |
| 298 | |
| 299 | <h2>7.0 Trouble-Shooting Hints</h2> |
| 300 | |
| 301 | Remember that the /ext will return any file in the extroot directory |
| 302 | hierarchy as static content if the file is readable but not executable. |
| 303 | When initially setting up the /ext mechanism, it is sometimes helpful |
| 304 | to verify that you are able to receive static content prior to starting |
| 305 |