bpo-34576 warn users on security for http.server (#9720)

It was proposed to add an warning for http.server regarding security issues. The wording was provided at bpo-26005 by @orsenthil
2025-12-23 09:19:18 +00:00 · 2018-10-10 23:43:40 -03:00 · 2018-10-10 23:43:40 -03:00 · 1d26c72e6a
commit 1d26c72e6a
parent a6b3ec5b6d
1 changed files with 8 additions and 0 deletions
--- a/Doc/library/http.server.rst
+++ b/Doc/library/http.server.rst
@ -16,6 +16,14 @@

 This module defines classes for implementing HTTP servers (Web servers).

+Security Considerations
+-----------------------
+
+http.server is meant for demo purposes and does not implement the stringent
+security checks needed of real HTTP server. We do not recommend
+using this module directly in production.
+
+
 One class, :class:`HTTPServer`, is a :class:`socketserver.TCPServer` subclass.
 It creates and listens at the HTTP socket, dispatching the requests to a
 handler.  Code to create and run the server looks like this::