author | Claire <claire.github-309c@sitedethib.com> | 2024-05-30 14:56:18 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-30 12:56:18 +0000 |
commit | 73a78cc19d0bff68425678c6b4c0ee0fc0a0f528 (patch) | |
tree | 7bdd83e592d200f6590310e69883fb18e5da0666 /config | |
parent | 3fa0dd0b88bae1aeb505195044951eb9eebe90f1 (diff) |
Fix rate-limiting incorrectly triggering a session cookie on most endpoints (#30483)
Diffstat (limited to 'config')
-rw-r--r-- | config/initializers/rack_attack.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index b3739429e82..14fab7ecda1 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -30,7 +30,7 @@ class Rack::Attack
 end
 def authenticated_user_id
- authenticated_token&.resource_owner_id || warden_user_id
+ authenticated_token&.resource_owner_id
 end
 def authenticated_token_id
@@ -142,7 +142,7 @@ class Rack::Attack
 end
 throttle('throttle_password_change/account', limit: 10, period: 10.minutes) do |req|
- req.authenticated_user_id if req.put? || (req.patch? && req.path_matches?('/auth'))
+ req.warden_user_id if req.put? || (req.patch? && req.path_matches?('/auth'))
 end
 self.throttled_responder = lambda do |request| |
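Review bot: `authenticated_user_id` now returns nil for a request that is logged in through the session only, so any throttle elsewhere in this file that keys on it, or that treats its absence as "unauthenticated", changes bucket for those users. Those callers are outside the hunk and should be checked one by one, as was done for the password-change throttle. The method also needs a comment so the fallback is not reintroduced later, for example `# Token-only on purpose: falling back to warden_user_id reads the session and causes a session cookie to be set`. That the session read is what sets the cookie is inferred from the commit title, not shown in the hunk. The enclosing class starts and ends outside the hunk.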
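Review bot: In the `throttle_password_change/account` block the path check binds only to the PATCH branch, so `req.put? || (...)` is true for every PUT request whatever its path. Every PUT by a signed-in user therefore counts against the 10-per-10-minutes password-change limit. The new line also calls `warden_user_id` on every PUT, which presumably still touches the session on unrelated endpoints; that is inferred from the commit title, not visible here. If the intent is to throttle only the '/auth' endpoint, the condition should read `req.warden_user_id if (req.put? || req.patch?) && req.path_matches?('/auth')`.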