mirrors/actix-web
1
0
Fork 0
mirror of https://github.com/actix/actix-web.git synced 2025-01-04 14:28:50 +00:00
Code Issues Projects Releases Wiki Activity

Add security note to ConnectionInfo::remote() (#1158)

Browse source
This commit is contained in:
Feiko Nanninga 2019-11-14 03:32:47 +01:00 committed by Nikolay Kim
parent fba02fdd8c
commit 88110ed268
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/info.rs
View file

@ -162,6 +162,12 @@ impl ConnectionInfo {
/// - Forwarded /// - Forwarded
/// - X-Forwarded-For /// - X-Forwarded-For
/// - peer name of opened socket /// - peer name of opened socket
///
/// # Security
/// Do not use this function for security purposes, unless you can ensure the Forwarded and
/// X-Forwarded-For headers cannot be spoofed by the client. If you want the client's socket
/// address explicitly, use
/// [`HttpRequest::peer_addr()`](../web/struct.HttpRequest.html#method.peer_addr) instead.
#[inline] #[inline]
pub fn remote(&self) -> Option<&str> { pub fn remote(&self) -> Option<&str> {
if let Some(ref r) = self.remote { if let Some(ref r) = self.remote {