[Pkg-javascript-devel] Bug#553173: Global javascript Alias in Apache2 configuration when installing libjs-jquery
Ronan Chilvers
ronan at d3r.com
Thu Oct 29 09:44:10 UTC 2009
Package: javascript-common
Version: 5
Severity: important
Installing the javascript-common package generates symlink
/etc/apache2/conf.d/javascript-common.conf
pointing to
/etc/javascript-common/javascript-common.conf
This configuration file contains an Apache Alias directive as follows:
Alias /javascript /usr/share/javascript
Because this is in the global scope of the server configuration, sites
hosted on the machine that store data in a /javascript location will find
that the global alias overrides the site configuration. The likely result of
this is that requests to files in /javascript will return a 404 File Not
Found error, potentially breaking those websites.
This was discovered when Trac was installed on a server that already hosts
client websites that store site local javascript in a /javascript location.
I suggest that either:
a. The global Alias is not created and administrators are advised to include
it in their VirtualHost configurations.
b. The global Alias name is changed to something more obscure to avoid name
clashes.
c. At the very least a warning is displayed when the Alias is created to
alert the administrator what is happening.
I am using Debian Lenny 2.6.26-2-amd64 #1 SMP with
apache2-mpm-prefork 2.2.9-10+lenny4, javascript-common
5, libjs-jquery 1.2.6-2, trac 0.11.1-2.1
Many thanks
--
Ronan
D3R Ltd
t 0333 800 2288
f 0333 800 2289
e ronan at d3r.com
w http://d3r.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/attachments/20091029/6f6a44c9/attachment.htm>
More information about the Pkg-javascript-devel
mailing list