Add security note about extract::Host (#839)

David Pedersen 2022-03-09 10:18:12 +01:00 committed by GitHub
parent 04dd7617a4
commit f9a94ca7eb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -4,7 +4,7 @@ use super::{
}; };
use async_trait::async_trait; use async_trait::async_trait;
const X_FORWARDED_HOST_HEADER_KEY: &'static str = "X-Forwarded-Host"; const X_FORWARDED_HOST_HEADER_KEY: &str = "X-Forwarded-Host";
/// Extractor that resolves the hostname of the request. /// Extractor that resolves the hostname of the request.
/// ///
@ -12,6 +12,9 @@ const X_FORWARDED_HOST_HEADER_KEY: &'static str = "X-Forwarded-Host";
/// - `X-Forwarded-Host` header /// - `X-Forwarded-Host` header
/// - `Host` header /// - `Host` header
/// - request target / URI /// - request target / URI
///
/// Note that user agents can set `X-Forwarded-Host` and `Host` headers to arbitrary values so make
/// sure to validate them to avoid security issues.
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub struct Host(pub String); pub struct Host(pub String);
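Review bot: The note added above `#[derive(Debug, Clone)]` tells readers to validate the headers but not against what, and it does not mention that `X-Forwarded-Host` is listed first in the resolution order. A client-supplied value therefore appears to take precedence over `Host` even when no proxy sits in front of the service. I would spell that out in the doc comment, for example `/// X-Forwarded-Host is only trustworthy behind a proxy that overwrites it; check the extracted value against an allowlist of expected hostnames before using it in redirects, generated links or cache keys.` The extractor implementation is outside this section, so the precedence is inferred from the documented list rather than from the code.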