mirror of https://github.com/fafhrd91/actix-web synced 2025-03-20 22:35:17 +01:00
pando85 4fc99d4a6f
Fix audit issue logging by default peer address (#1485)
* Fix audit issue logging by default peer address

By default, the log format includes the remote address that is taken from headers.
This is very easy to replace, making the log untrusted.

By changing the default log format value `%a` to the peer address, we always get
this trusted data. Also, the remote address option is maintained and
relegated to the `%{r}a` value.

Related: kanidm/kanidm#191.

* Rename peer/remote to remote_addr/realip_remote_addr

Change names to avoid naming confusion. I chose these according to Nginx
variables and
[ngx_http_realip_module](https://nginx.org/en/docs/http/ngx_http_realip_module.html).

Add more specific documentation about security concerns of using Real IP
in logger.

* Rename security advertise header in doc

* Add fix audit issue logging by default peer address to changelog

Co-authored-by: Rob Ede <robjtede@icloud.com>
2020-05-15 09:07:27 +09:00
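
As an added example (not code from actix-web or from this commit), the following Rust sketch shows why a header-derived address is unsafe as the default audit field, and how a realip-style resolver can honour the header only when the connection comes from a trusted proxy, in the spirit of the ngx_http_realip_module linked above. The `Request` struct, the function names and all addresses are hypothetical and constructed for illustration; `X-Forwarded-For` is assumed as the forwarding header.

```rust
use std::net::IpAddr;

/// Constructed model of one request: the TCP peer address plus the raw
/// X-Forwarded-For value, if any (hypothetical type, not an actix-web one).
pub struct Request<'a> {
    pub peer: IpAddr,
    pub x_forwarded_for: Option<&'a str>,
}

/// Simplified model of header-first resolution: the leftmost header entry
/// wins, so whoever sends the request chooses what gets logged.
pub fn header_first_addr(req: &Request) -> String {
    req.x_forwarded_for
        .and_then(|v| v.split(',').next())
        .map(|s| s.trim().to_string())
        .unwrap_or_else(|| req.peer.to_string())
}

/// Address for audit logs. The header is honoured only when the TCP peer is
/// a trusted proxy; the chain is then walked right to left, skipping trusted
/// hops, and the first untrusted entry is returned.
pub fn audit_addr(req: &Request, trusted: &[IpAddr]) -> IpAddr {
    if !trusted.contains(&req.peer) {
        return req.peer; // direct connection: the header is client-controlled
    }
    for hop in req.x_forwarded_for.unwrap_or("").rsplit(',') {
        match hop.trim().parse::<IpAddr>() {
            Ok(ip) if trusted.contains(&ip) => continue,
            Ok(ip) => return ip,
            Err(_) => break, // malformed entry: stop trusting the chain
        }
    }
    req.peer // nothing usable in the header: fall back to the peer
}

fn main() {
    // Constructed sample: a direct client sending a forged header.
    let proxy: IpAddr = "10.0.0.5".parse().unwrap();
    let forged = Request {
        peer: "203.0.113.9".parse().unwrap(),
        x_forwarded_for: Some("127.0.0.1"),
    };
    println!("header-first: {}", header_first_addr(&forged));
    println!("audit:        {}", audit_addr(&forged, &[proxy]));
}
```
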