Login should ratelimit on POST requests only

RESOLVED WONTFIX

Status

addons.mozilla.org Graveyard
Public Pages
RESOLVED WONTFIX
7 years ago
2 years ago

People

(Reporter: cvan, Unassigned)

Tracking

unspecified
4.x (triaged)

Details

(Reporter)

Description

7 years ago
Login page is ratelimited such that there is an allowed maximum of 15 requests per minute. This includes both GET and POST. We should be ratelimiting upon POST requests only.
(Reporter)

Updated

7 years ago
Assignee: nobody → cwiemeersch
Target Milestone: --- → 6.2.9
(Reporter)

Updated

7 years ago
Target Milestone: 6.2.9 → 6.3.0
(Reporter)

Updated

7 years ago
Target Milestone: 6.3.0 → 6.3.2
(Reporter)

Comment 1

7 years ago
Pushing this back since ratelimiting is still disabled.
Target Milestone: 6.3.2 → 6.3.4
Target Milestone: 6.3.4 → 6.3.3
(Reporter)

Comment 2

7 years ago
I'll worry about this when the new login page goes live (bug 560978).
Target Milestone: 6.3.3 → 4.x (triaged)
(Reporter)

Updated

6 years ago
Assignee: cvan → nobody
I don't mind GET being limited
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → WONTFIX
(Reporter)

Comment 4

5 years ago
We removed ratelimiting altogether. But ratelimiting GET was causing QA headaches.
good point
(Assignee)

Updated

2 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.