fedi/mastodon
1
0
Fork 1
mirror of https://github.com/mastodon/mastodon.git synced 2024-11-09 17:15:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix rate-limiting incorrectly triggering a session cookie on most endpoints (#30483)

Browse source
This commit is contained in:
Claire 2024-05-30 14:56:18 +02:00 committed by GitHub
parent 3fa0dd0b88
commit 73a78cc19d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
config/initializers/rack_attack.rb
View file

@ -30,7 +30,7 @@ class Rack::Attack
end
def authenticated_user_id
authenticated_token&.resource_owner_id || warden_user_id
authenticated_token&.resource_owner_id
end
def authenticated_token_id
@ -142,7 +142,7 @@ class Rack::Attack
end
throttle('throttle_password_change/account', limit: 10, period: 10.minutes) do |req|
req.authenticated_user_id if req.put? || (req.patch? && req.path_matches?('/auth'))
req.warden_user_id if req.put? || (req.patch? && req.path_matches?('/auth'))
end
self.throttled_responder = lambda do |request|