Fix rate-limiting incorrectly triggering a session cookie on most endpoints (#30483)
This commit is contained in:
parent
3fa0dd0b88
commit
73a78cc19d
|
@ -30,7 +30,7 @@ class Rack::Attack
|
||||||
end
|
end
|
||||||
|
|
||||||
def authenticated_user_id
|
def authenticated_user_id
|
||||||
authenticated_token&.resource_owner_id || warden_user_id
|
authenticated_token&.resource_owner_id
|
||||||
end
|
end
|
||||||
|
|
||||||
def authenticated_token_id
|
def authenticated_token_id
|
||||||
|
@ -142,7 +142,7 @@ class Rack::Attack
|
||||||
end
|
end
|
||||||
|
|
||||||
throttle('throttle_password_change/account', limit: 10, period: 10.minutes) do |req|
|
throttle('throttle_password_change/account', limit: 10, period: 10.minutes) do |req|
|
||||||
req.authenticated_user_id if req.put? || (req.patch? && req.path_matches?('/auth'))
|
req.warden_user_id if req.put? || (req.patch? && req.path_matches?('/auth'))
|
||||||
end
|
end
|
||||||
|
|
||||||
self.throttled_responder = lambda do |request|
|
self.throttled_responder = lambda do |request|
|
||||||
|
|
Loading…
Reference in New Issue