From 7e8cac08e45c4b4548e5c93668a155d44b49ca04 Mon Sep 17 00:00:00 2001
From: clonejo
Date: Fri, 8 Nov 2019 23:10:30 +0100
Subject: [PATCH] Add security note to ConnectionInfo::remote()

---
 src/info.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/info.rs b/src/info.rs
index 61914516e..a9c3e4eeb 100644
--- a/src/info.rs
+++ b/src/info.rs
@@ -162,6 +162,12 @@ impl ConnectionInfo {
 /// - Forwarded
 /// - X-Forwarded-For
 /// - peer name of opened socket
+ ///
+ /// # Security
+ /// Do not use this function for security purposes, unless you can ensure the Forwarded and
+ /// X-Forwarded-For headers cannot be spoofed by the client. If you want the client's socket
+ /// address explicitly, use
+ /// [`HttpRequest::peer_addr()`](../web/struct.HttpRequest.html#method.peer_addr) instead.
 #[inline]
 pub fn remote(&self) -> Option<&str> {
 if let Some(ref r) = self.remote {
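Review bot: The new `# Security` section points callers to `HttpRequest::peer_addr()` but does not say that behind a reverse proxy that call returns the proxy's address, so a reader doing IP allow-listing, rate limiting or audit logging has no correct option described for proxied deployments. I would add a sentence such as `/// Behind a reverse proxy, peer_addr() is the proxy's address; rely on the forwarded headers only when that proxy is under your control and overwrites them.` Naming the uses meant by "security purposes" (access control, rate limiting, audit logs) would also make the warning harder to skim past. The doc comment begins above the hunk and the body of `remote()` continues below it, so whether the summary line still describes the value as the client's address cannot be checked from here.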