public RequestConnectionPoint
Represents request address information is used to make a call. There are at least two possible instances: "local" is how we see request at the server application and "actual" is what we can recover from proxy provided headers.
Modifier and Type | Method and Description |
---|---|
java.lang.String |
getHost()
Request host, useful for virtual hosts routing
|
HttpMethod |
getMethod()
Request HTTP method
|
int |
getPort()
Request port, for example 80 or 443
|
java.lang.String |
getRemoteHost()
Client address or host name (generally not resolved to name for performance reasons).
For io.ktor.application.ApplicationRequest.local instance could point to
a proxy our application running behind.
NEVER use it for user authentication as it can be easily falsified (user can simply set some HTTP headers
such as X-Forwarded-Host so you should NEVER rely on it in any security checks.
If you are going to use it to create a back-connection please do it with care as an offender can easily
use it to force you to connect to some host that is not intended to be connected to so that may cause
serious consequences.
|
java.lang.String |
getScheme()
Request scheme, for example "http" or "https"
|
java.lang.String |
getUri()
URI path with no host, port and no schema specification, but possibly with query
|
java.lang.String |
getVersion()
Protocol version string
|
java.lang.String getScheme()
Request scheme, for example "http" or "https"
java.lang.String getVersion()
Protocol version string
int getPort()
Request port, for example 80 or 443
java.lang.String getHost()
Request host, useful for virtual hosts routing
java.lang.String getUri()
URI path with no host, port and no schema specification, but possibly with query
HttpMethod getMethod()
Request HTTP method
java.lang.String getRemoteHost()
Client address or host name (generally not resolved to name for performance reasons). For io.ktor.application.ApplicationRequest.local instance could point to a proxy our application running behind. NEVER use it for user authentication as it can be easily falsified (user can simply set some HTTP headers such as X-Forwarded-Host so you should NEVER rely on it in any security checks. If you are going to use it to create a back-connection please do it with care as an offender can easily use it to force you to connect to some host that is not intended to be connected to so that may cause serious consequences.