Closed
Bug 1482644
Opened 7 years ago
Closed 6 years ago
Improve "Too many requests" page with an explanation
Categories
(bugzilla.mozilla.org :: General, enhancement)
Tracking
()
RESOLVED
FIXED
People
(Reporter: philipp, Assigned: dylan)
Details
(Keywords: bmo-ux)
in the past couple of days i'm starting to receive the "Too Many Requests" blocking message a number of times when trying to access bugzilla. it's ip based, since switching to a different vpn can work around that.
i'm not entirely sure what triggers it - either opening multiple bug reports within a short amount of time (that would always be in a logged-in state) or i'm also using an addon that would query bugzilla's rest api for information for a probably rather large amount of bugs while browsing https://crash-stats.mozilla.com:
https://addons.mozilla.org/firefox/addon/crash-stats-state-of-the-bug/
|
||
Comment 1•7 years ago
|
||
dylan, you manage the throttling stuff. Any ideas on this?
Flags: needinfo?(dylan)
|
Reporter | |
Comment 2•6 years ago
|
||
i think i'm getting the problem/temporary bmo ban after using the tool at https://mozilla.github.io/stab-crashes/compare-betas.html
|
||
Comment 3•6 years ago
|
||
(In reply to [:philipp] from comment #2)
> i think i'm getting the problem/temporary bmo ban after using the tool at
> https://mozilla.github.io/stab-crashes/compare-betas.html
https://mozilla.github.io/stab-crashes/compare-betas.html in particular doesn't hit Bugzilla, but some tools at https://mozilla.github.io/stab-crashes/ use the rest API without an API key.
|
|
||
Comment 4•6 years ago
|
||
Yes. I would check to see if you have any tabs open that are using bug dashboards that poll BMO with a lot of REST API calls. REST API calls and show_bug.cgi from the same IP are considered the same when it comes to rate limiting. So if your scripts or dashboards are making a large number of requests and then you go to load a bug through the UI, you could still get the too many requests error. Trying shutting down scripts/containers or open dashboard tabs when not being used would be helpful.
|
Assignee | |
Comment 5•6 years ago
|
||
Being logged in is a good way to prevent this from happening.
We're also exploring options for making this better.
Ultimately you can expect such "Too Many Requests" results to replaced with some sort of "Are you a human being?" check.
Flags: needinfo?(dylan)
|
|
Assignee | |
Updated•6 years ago
|
Severity: normal → major
Keywords: bmo-ux
Summary: receiving "Too many requests" recently → Improve the "Too many requests" page to explain why it has happened and what the user can do if it is a mistake
I think we want to consider what we allow with API keys for logged in users, and that we may want API keys to have limited roles (in case someone leaks a key as part of a static web app), and require additional steps/approvals for API keys that allow for editing bugs or accessing bugs through group permissions.
|
|
Assignee | |
Updated•6 years ago
|
Summary: Improve the "Too many requests" page to explain why it has happened and what the user can do if it is a mistake → Improve the "Too many requests" page to explain why it has happened and offer a recaptcha
|
|
Assignee | |
Updated•6 years ago
|
Assignee: nobody → dylan
|
|
Assignee | |
Updated•6 years ago
|
Summary: Improve the "Too many requests" page to explain why it has happened and offer a recaptcha → Improve "Too many requests" page with an explaination
|
||
Comment 8•6 years ago
|
||
Merged to master.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
|
||
Updated•6 years ago
|
Summary: Improve "Too many requests" page with an explaination → Improve "Too many requests" page with an explanation
You need to log in
before you can comment on or make changes to this bug.
Description
•