raboof commented on PR #759: URL: https://github.com/apache/pekko-http/pull/759#issuecomment-3279487843
> The server setting for remote address headers is deprecated (just on the get side - not on the setting side). That seems like an oversight. The reason for moving to attributes is https://github.com/akka/akka-http/issues/2924 : the header was a 'hack' to pass information from the Akka HTTP code to the user code from when we didn't have attributes yet. The problem with the hack is that the user code can't distinguish between a `Remote-Address` header injected by a 'malicious' client and a 'synthetic' `Remote-Address` header injected by the library code. Since attributes are always synthetic, those are a better fit for this information. > The suggestion is to use remote address attributes instead. However, request attributes and headers are not the same thing. So far, it seems like it would make sense to continue to support remote address headers. Maybe we should deprecate `settings.withRemoteAddressHeader` now and give it another cycle before we remove it? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
