FIX: Rate limit and hijack certificate generation. (#8215)

To eliminate a DDoS attack vector, we're taking the following measures:

The endpoint will be rate-limited to 3 requests every 60 seconds (per user).
A 24-hour max-age cache header is sent with the response.
The route will be hijacked to generate the certificate in the background.
Roman Rizzi
2019-10-21 13:14:15 -03:00
committed by GitHub
parent d5121e5ddb
commit 835d2be4da
4 changed files with 53 additions and 39 deletions
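The three measures in the commit message, as an added stand-alone example rather than Discourse's own code: a per-user sliding-window limiter (3 hits per 60 seconds), a 24-hour `max-age` header on successful responses, and certificate generation deferred to a block that stands in for the hijacked background work. `CertificateRateLimiter`, `certificate_response` and `CACHE_MAX_AGE` are hypothetical names; Discourse's real `RateLimiter` class and `hijack` helper are not used here.

```ruby
# Hypothetical per-user rate limiter and response builder (added example,
# not Discourse code). Limits: 3 requests per 60 seconds per user, a
# 24-hour max-age cache header on success, and generation deferred to a
# block that stands in for the hijacked background work.

class CertificateRateLimiter
  MAX_REQUESTS   = 3
  WINDOW_SECONDS = 60

  def initialize(max: MAX_REQUESTS, window: WINDOW_SECONDS)
    @max    = max
    @window = window
    @hits   = Hash.new { |h, k| h[k] = [] } # user_id => timestamps of recent hits
  end

  # Sliding window: drop hits older than the window, then either record
  # this hit (allowed) or refuse it without recording it, so a flood of
  # rejected requests cannot extend the caller's own lockout.
  def allow?(user_id, now = Time.now.to_f)
    bucket = @hits[user_id]
    bucket.reject! { |t| t <= now - @window }
    return false if bucket.size >= @max
    bucket << now
    true
  end

  # Seconds until the oldest counted hit leaves the window; used for Retry-After.
  def retry_after(user_id, now = Time.now.to_f)
    bucket = @hits[user_id]
    return 0 if bucket.size < @max
    (bucket.first + @window - now).ceil
  end
end

CACHE_MAX_AGE = 24 * 60 * 60 # 24 hours, as stated in the commit message

# Models the controller action. The block is only invoked for requests that
# pass the limiter, so one user can cost at most three certificate renders
# per minute no matter how many requests they send.
def certificate_response(limiter, user_id, now = Time.now.to_f, &generate)
  unless limiter.allow?(user_id, now)
    return {
      status:  429,
      headers: { 'Retry-After' => limiter.retry_after(user_id, now).to_s },
      body:    'Rate limited'
    }
  end

  body = generate.call # stands in for the hijacked (background) generation
  {
    status:  200,
    headers: {
      'Cache-Control' => "max-age=#{CACHE_MAX_AGE}",
      'Content-Type'  => 'image/svg+xml'
    },
    body: body
  }
end

if $PROGRAM_NAME == __FILE__
  limiter = CertificateRateLimiter.new
  t0 = Time.now.to_f
  5.times do |i|
    r = certificate_response(limiter, 42, t0 + i) { '<svg/>' }
    puts "request #{i + 1}: #{r[:status]} #{r[:headers]}"
  end
end
```

The fourth request within the window gets a 429 with a `Retry-After` computed from the oldest counted hit, and the generation block never runs for it; the `Cache-Control` header on the 200 keeps a well-behaved client from re-requesting the same certificate for a day. The hijack itself, which in Discourse releases the web worker while the slow render completes, is only represented by the deferred block.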


@ -27,7 +27,8 @@ describe "Discobot Certificate" do
end
it 'should return the right text' do
stub_request(:get, /letter_avatar_proxy/).to_return(status: 200)
stub_request(:get, /letter_avatar_proxy/).to_return(status: 200, body: 'http://test.localhost/cdn/avatar.png')
stub_request(:get, /avatar.png/).to_return(status: 200)
stub_request(:get, SiteSetting.site_logo_small_url)
.to_return(status: 200)
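Review bot: the new stub `stub_request(:get, /avatar.png/).to_return(status: 200)` uses an unescaped dot, so the pattern also matches paths such as `avatar-png` or `avatarXpng`; `/avatar\.png/` would match only the filename returned by the `letter_avatar_proxy` stub on the line above. Separately, nothing in this hunk exercises the behaviour the commit message describes: a spec that sends four requests for the same user inside 60 seconds and expects a 429 on the fourth, and one that asserts the 24-hour `max-age` header on the response, would pin down the rate-limit and cache changes alongside this stub update.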