RequestConnectionPoint
Represents request address information is used to make a call. There are at least two possible instances: "local" is how we see request at the server application and "actual" is what we can recover from proxy provided headers.
Properties
Client address. For io.ktor.application.ApplicationRequest.local instance could point to a proxy our application running behind. NEVER use it for user authentication as it can be easily falsified (user can simply set some HTTP headers such as X-Forwarded-Host so you should NEVER rely on it in any security checks). If you are going to use it to create a back-connection, please do it with care as an offender can easily use it to force you to connect to some host that is not intended to be connected to so that may cause serious consequences.
Client address or host name if it can be resolved. For io.ktor.application.ApplicationRequest.local instance could point to a proxy our application running behind. NEVER use it for user authentication as it can be easily falsified (user can simply set some HTTP headers such as X-Forwarded-Host so you should NEVER rely on it in any security checks). If you are going to use it to create a back-connection, please do it with care as an offender can easily use it to force you to connect to some host that is not intended to be connected to so that may cause serious consequences.
Client port. For io.ktor.application.ApplicationRequest.local instance could point to a proxy our application running behind. NEVER use it for user authentication as it can be easily falsified (user can simply set some HTTP headers such as X-Forwarded-Host so you should NEVER rely on it in any security checks). If you are going to use it to create a back-connection, please do it with care as an offender can easily use it to force you to connect to some host that is not intended to be connected to so that may cause serious consequences.