Allow the typical non-DAV methods to be unrestricted

in our DAV examples (in particular, POST). Also change <Location> to <Directory> in the docs. This particular example was not a security problem because <Location> was being used to *extend* access, rather than to *restrict* access, but it is better to encourage people to use <Directory> by default. PR: 40030 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@433694 13f79535-47bb-0310-9956-ffa450edef68
2025-08-15 23:27:39 +00:00 · 2006-08-22 17:07:54 +00:00
parent 53133772ac
commit 86319c427d
2 changed files with 4 additions and 4 deletions
--- a/docs/conf/extra/httpd-dav.conf.in
+++ b/docs/conf/extra/httpd-dav.conf.in
@ -28,7 +28,7 @@ Alias /uploads "@@ServerRoot@@/uploads"

    # Allow universal read-access, but writes are restricted
    # to the admin user.
-    <LimitExcept GET OPTIONS>
+    <LimitExcept GET POST OPTIONS>
        require user admin
    </LimitExcept>
 </Directory>
--- a/docs/manual/mod/mod_dav.xml
+++ b/docs/manual/mod/mod_dav.xml
@ -79,7 +79,7 @@
    <example><title>Full Example</title>
      DavLockDB /usr/local/apache2/var/DavLock<br />
      <br />
-       &lt;Location /foo&gt;<br />
+       &lt;Directory /usr/local/apache2/htdocs/foo&gt;<br />
       <indent>
 	 Order Allow,Deny<br />
 	 Allow from all<br />
@ -89,13 +89,13 @@
         AuthName DAV<br />
         AuthUserFile user.passwd<br />
         <br />
-         &lt;LimitExcept GET OPTIONS&gt;<br />
+         &lt;LimitExcept GET POST OPTIONS&gt;<br />
         <indent>
           require user admin<br />
         </indent>
         &lt;/LimitExcept&gt;<br />
       </indent>
-       &lt;/Location&gt;<br />
+       &lt;/Directory&gt;<br />
    </example>

   <p><module>mod_dav</module> is a descendent of Greg Stein's <a