mirrors/actix-web
1
0
Fork 0
mirror of https://github.com/actix/actix-web.git synced 2025-04-04 00:59:36 +00:00
Code Issues Projects Releases Wiki Activity

Add security note to ConnectionInfo::remote()

Browse source
This commit is contained in:
clonejo 2019-11-08 23:10:30 +01:00
parent fba02fdd8c
commit 7e8cac08e4
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/info.rs
View file

@ -162,6 +162,12 @@ impl ConnectionInfo {
/// - Forwarded
/// - X-Forwarded-For
/// - peer name of opened socket
///
/// # Security
/// Do not use this function for security purposes, unless you can ensure the Forwarded and
/// X-Forwarded-For headers cannot be spoofed by the client. If you want the client's socket
/// address explicitly, use
/// [`HttpRequest::peer_addr()`](../web/struct.HttpRequest.html#method.peer_addr) instead.
#[inline]
pub fn remote(&self) -> Option<&str> {
if let Some(ref r) = self.remote {