diff options
| author | Eugen Rochko <eugen@zeonfederated.com> | 2017-12-11 15:32:29 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-12-11 15:32:29 +0100 |
| commit | feed07227ba9feb8def161dc127033016c749ac5 (patch) | |
| tree | 1cc057a237e2987b4b54cca6dde954ee0df737de /app/controllers/concerns | |
| parent | e56323a4dd3048fa6f46590052bcba75d82b3317 (diff) | |
Apply a 25x rate limit by IP even to authenticated requests (#5948)
Diffstat (limited to 'app/controllers/concerns')
| -rw-r--r-- | app/controllers/concerns/rate_limit_headers.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/controllers/concerns/rate_limit_headers.rb b/app/controllers/concerns/rate_limit_headers.rb index ac9b58f5d..b79c558d8 100644 --- a/app/controllers/concerns/rate_limit_headers.rb +++ b/app/controllers/concerns/rate_limit_headers.rb @@ -44,8 +44,8 @@ module RateLimitHeaders end def api_throttle_data - request.env['rack.attack.throttle_data']['throttle_authenticated_api'] || - request.env['rack.attack.throttle_data']['throttle_unauthenticated_api'] + most_limited_type, = request.env['rack.attack.throttle_data'].min_by { |_, v| v[:limit] } + request.env['rack.attack.throttle_data'][most_limited_type] end def request_time |