actix/actix-extras
1
0
Fork 0
mirror of https://github.com/actix/actix-extras.git synced 2024-11-23 23:51:06 +01:00
Code Issues Releases Wiki Activity

Add security note to ConnectionInfo::remote() (#1158)

Browse Source
This commit is contained in:
Feiko Nanninga 2019-11-14 03:32:47 +01:00 committed by Nikolay Kim
parent fba02fdd8c
commit 88110ed268
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/info.rs
View File

@ -162,6 +162,12 @@ impl ConnectionInfo {
/// - Forwarded /// - Forwarded
/// - X-Forwarded-For /// - X-Forwarded-For
/// - peer name of opened socket /// - peer name of opened socket
///
/// # Security
/// Do not use this function for security purposes, unless you can ensure the Forwarded and
/// X-Forwarded-For headers cannot be spoofed by the client. If you want the client's socket
/// address explicitly, use
/// [`HttpRequest::peer_addr()`](../web/struct.HttpRequest.html#method.peer_addr) instead.
#[inline] #[inline]
pub fn remote(&self) -> Option<&str> { pub fn remote(&self) -> Option<&str> {
if let Some(ref r) = self.remote { if let Some(ref r) = self.remote {