Login should ratelimit on POST requests only

RESOLVED WONTFIX

Status

RESOLVED WONTFIX
7 years ago
3 years ago

People

(Reporter: cvan, Unassigned)

Tracking

unspecified
4.x (triaged)

Details

Login page is ratelimited such that there is an allowed maximum of 15 requests per minute. This includes both GET and POST. We should be ratelimiting upon POST requests only.
(Reporter)

Updated

7 years ago
Assignee: nobody → cwiemeersch
Target Milestone: --- → 6.2.9
(Reporter)

Updated

7 years ago
Target Milestone: 6.2.9 → 6.3.0
(Reporter)

Updated

7 years ago
Target Milestone: 6.3.0 → 6.3.2
Pushing this back since ratelimiting is still disabled.
Target Milestone: 6.3.2 → 6.3.4
Target Milestone: 6.3.4 → 6.3.3
I'll worry about this when the new login page goes live (bug 560978).
Target Milestone: 6.3.3 → 4.x (triaged)
(Reporter)

Updated

7 years ago
Assignee: cvan → nobody
I don't mind GET being limited
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → WONTFIX
We removed ratelimiting altogether. But ratelimiting GET was causing QA headaches.
good point
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.