Treat API requests from the frontend as web traffic in the rate limiter
This will allow us to impose stricter rate limits for general API traffic, without affecting interactive API requests made by the frontend during normal GitLab usage. The frontend requests are identified by the inclusion of a CSRF token in the headers.

Other rate limits that only affect a subset of API requests (e.g. the Files and Packages APIs, or protected paths) still take precedence, i.e. requests for these paths will always be matched even if they include a CSRF token.

Changelog: changed
Showing
- config/feature_flags/development/rate_limit_frontend_requests.yml (8 additions, 0 deletions)
- doc/user/admin_area/settings/user_and_ip_rate_limits.md (4 additions, 0 deletions)
- lib/gitlab/rack_attack/request.rb (25 additions, 10 deletions)
- spec/channels/application_cable/connection_spec.rb (2 additions, 6 deletions)
- spec/lib/gitlab/rack_attack/request_spec.rb (85 additions, 3 deletions)
- spec/requests/api/commits_spec.rb (2 additions, 8 deletions)
- spec/requests/rack_attack_global_spec.rb (17 additions, 0 deletions)
- spec/support/helpers/rack_attack_spec_helpers.rb (2 additions, 2 deletions)
- spec/support/helpers/session_helpers.rb (16 additions, 0 deletions)
- spec/support/shared_examples/requests/api/graphql/mutations/snippets_shared_examples.rb (3 additions, 8 deletions)
- spec/support/shared_examples/requests/rack_attack_shared_examples.rb (85 additions, 0 deletions)
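
The classification order the commit message describes, as an added Ruby sketch that is not GitLab's code: subset throttles match first, then an API request carrying a CSRF token is counted as web traffic. The path patterns, bucket names and helper names are hypothetical, and the sketch assumes the header token is checked against the session's token rather than merely being present.

```ruby
# Added illustration, not GitLab's code: path patterns, bucket names and the
# direct token comparison are assumptions (Rails masks CSRF tokens per request).
SUBSET_THROTTLES = {
  protected_path: %r{\A/users/sign_in\z},
  files_api:      %r{\A/api/v\d+/projects/[^/]+/repository/files/},
  packages_api:   %r{\A/api/v\d+/projects/[^/]+/packages/}
}.freeze

CSRF_HEADER = 'HTTP_X_CSRF_TOKEN' # Rack env key for the X-CSRF-Token header

# Compare without short-circuiting on the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# A request counts as frontend traffic only when the header token matches the
# token bound to the caller's session; a header on its own proves nothing.
def frontend_request?(env, session_token)
  sent = env[CSRF_HEADER].to_s
  return false if sent.empty? || session_token.to_s.empty?
  secure_compare(sent, session_token)
end

# Returns the throttle bucket. Subset throttles are checked first, so a CSRF
# token never moves those paths into the web bucket.
def throttle_bucket(env, session_token: nil)
  path = env['PATH_INFO'].to_s
  SUBSET_THROTTLES.each { |name, pattern| return name if path.match?(pattern) }
  return :web unless path.start_with?('/api/')
  frontend_request?(env, session_token) ? :web : :api
end

# Constructed sample requests: [PATH_INFO, header token, session token].
SAMPLES = [
  ['/api/v4/projects/1/issues', 'tok-abc', 'tok-abc'],
  ['/api/v4/projects/1/issues', nil, nil],
  ['/api/v4/projects/1/issues', 'forged', 'tok-abc'],
  ['/api/v4/projects/1/repository/files/README.md', 'tok-abc', 'tok-abc'],
  ['/users/sign_in', 'tok-abc', 'tok-abc']
].freeze

def classify_samples
  SAMPLES.map do |path, header, session|
    env = { 'PATH_INFO' => path }
    env[CSRF_HEADER] = header if header
    throttle_bucket(env, session_token: session)
  end
end

puts classify_samples.inspect if __FILE__ == $PROGRAM_NAME
```

The third sample is the case a reviewer would check first: a header value that does not match the session stays in the stricter API bucket.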