Add latest changes from gitlab-org/gitlab@master
parent
06071708b3
commit
abb061e25f
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
name: rate_limit_frontend_requests
|
||||
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/79341
|
||||
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/350623
|
||||
milestone: '14.8'
|
||||
type: development
|
||||
group: group::integrations
|
||||
default_enabled: false
|
|
@ -23,7 +23,8 @@ By default, all Git operations are first tried unauthenticated. Because of this,
|
|||
may trigger the rate limits configured for unauthenticated requests.
|
||||
|
||||
NOTE:
|
||||
The rate limits for API requests don't affect requests made by the frontend, as these are always
|
||||
[In GitLab 14.8 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/344807),
|
||||
the rate limits for API requests don't affect requests made by the frontend, as these are always
|
||||
counted as web traffic.
|
||||
|
||||
## Enable unauthenticated API request rate limit
|
||||
|
|
|
@ -198,8 +198,6 @@ module Gitlab
|
|||
end
|
||||
|
||||
def frontend_request?
|
||||
return false unless Feature.enabled?(:rate_limit_frontend_requests, default_enabled: :yaml)
|
||||
|
||||
strong_memoize(:frontend_request) do
|
||||
next false unless env.include?('HTTP_X_CSRF_TOKEN') && session.include?(:_csrf_token)
|
||||
|
||||
|
|
|
@ -267,23 +267,6 @@ RSpec.describe Gitlab::RackAttack::Request do
|
|||
with_them do
|
||||
it { is_expected.to eq(expected) }
|
||||
end
|
||||
|
||||
context 'when the feature flag is disabled' do
|
||||
before do
|
||||
stub_feature_flags(rate_limit_frontend_requests: false)
|
||||
end
|
||||
|
||||
where(:session, :env) do
|
||||
{} | {} # rubocop:disable Lint/BinaryOperatorWithIdenticalOperands
|
||||
{} | { 'HTTP_X_CSRF_TOKEN' => valid_token }
|
||||
{ _csrf_token: valid_token } | { 'HTTP_X_CSRF_TOKEN' => other_token }
|
||||
{ _csrf_token: valid_token } | { 'HTTP_X_CSRF_TOKEN' => valid_token }
|
||||
end
|
||||
|
||||
with_them do
|
||||
it { is_expected.to be(false) }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#deprecated_api_request?' do
|
||||
|
|