github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 23:54:16 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
0cf6421716
discourse/spec/lib/middleware/anonymous_cache_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

384 lines
12 KiB
Ruby
Raw Normal View History

DEV: use #frozen_string_literal: true on all spec This change both speeds up specs (less strings to allocate) and helps catch cases where methods in Discourse are mutating inputs. Overall we will be migrating everything to use #frozen_string_literal: true it will take a while, but this is the first and safest move in this direction
2019-04-30 08:27:42 +08:00
# frozen_string_literal: true
Add RSpec 4 compatibility (#17652) * Remove outdated option https://github.com/rspec/rspec-core/commit/04078317ba6577699d06cf4dccf014254dcde7a6 * Use the non-globally exposed RSpec syntax https://github.com/rspec/rspec-core/pull/2803 * Use the non-globally exposed RSpec syntax, cont https://github.com/rspec/rspec-core/pull/2803 * Comply to strict predicate matchers See: - https://github.com/rspec/rspec-expectations/pull/1195 - https://github.com/rspec/rspec-expectations/pull/1196 - https://github.com/rspec/rspec-expectations/pull/1277
2022-07-28 10:27:38 +08:00
RSpec.describe Middleware::AnonymousCache do
DEV: Refactor anonymouse cache spec. Mainly to properly categorize `Middleware::AnonymousCache` vs `Middleware::AnonymousCache::Helper` specs.
2020-08-03 14:15:59 +08:00
let(:middleware) { Middleware::AnonymousCache.new(lambda { |_| [200, {}, []] }) }
remove rack cache, it has been causing trouble instead implement an aggressive anonymous cache that is stored in redis this cache is sitting in the front of the middleware stack enabled only in production TODO: expire it more intelligently when stuff is created
2013-10-16 13:39:18 +08:00
FEATURE: rudimentary view tracking wired in
2015-02-04 13:14:56 +08:00
def env(opts = {})
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
create_request_env(path: "http://test.com/path?bla=1").merge(opts)
FEATURE: rudimentary view tracking wired in
2015-02-04 13:14:56 +08:00
end
DEV: Refactor anonymouse cache spec. Mainly to properly categorize `Middleware::AnonymousCache` vs `Middleware::AnonymousCache::Helper` specs.
2020-08-03 14:15:59 +08:00
describe Middleware::AnonymousCache::Helper do
def new_helper(opts = {})
Middleware::AnonymousCache::Helper.new(env(opts))
remove rack cache, it has been causing trouble instead implement an aggressive anonymous cache that is stored in redis this cache is sitting in the front of the middleware stack enabled only in production TODO: expire it more intelligently when stuff is created
2013-10-16 13:39:18 +08:00
end
DEV: Use proper wording for contexts in specs
2022-07-28 00:14:14 +08:00
describe "#cacheable?" do
DEV: Refactor anonymouse cache spec. Mainly to properly categorize `Middleware::AnonymousCache` vs `Middleware::AnonymousCache::Helper` specs.
2020-08-03 14:15:59 +08:00
it "true by default" do
expect(new_helper.cacheable?).to eq(true)
end
it "is false for non GET" do
expect(new_helper("ANON_CACHE_DURATION" => 10, "REQUEST_METHOD" => "POST").cacheable?).to eq(false)
end
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
it "is false if it has a valid auth cookie" do
cookie = create_auth_cookie(token: SecureRandom.hex)
expect(new_helper("HTTP_COOKIE" => "jack=1; _t=#{cookie}; jill=2").cacheable?).to eq(false)
end
it "is true if it has an invalid auth cookie" do
cookie = create_auth_cookie(token: SecureRandom.hex, issued_at: 5.minutes.ago)
cookie = swap_2_different_characters(cookie)
FIX: Correctly handle invalid auth cookies (#16995) Previously it would blow up on invalid utf byte sequences. This was a source of spec flakiness.
2022-06-07 19:00:25 +08:00
cookie.prepend("%a0%a1") # an invalid byte sequence
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
expect(new_helper("HTTP_COOKIE" => "jack=1; _t=#{cookie}; jill=2").cacheable?).to eq(true)
DEV: Refactor anonymouse cache spec. Mainly to properly categorize `Middleware::AnonymousCache` vs `Middleware::AnonymousCache::Helper` specs.
2020-08-03 14:15:59 +08:00
end
FIX: Bypass `AnonymousCache` for `/srv/status` route. (#11491) `/srv/status` routes should not be cached at all. Also, we want to decouple the route from Redis which `AnonymouseCache` relies on. The `/srv/status` should continue to return a success response even if Redis is down.
2020-12-16 13:47:46 +08:00
it "is false for srv/status routes" do
expect(new_helper("PATH_INFO" => "/srv/status").cacheable?).to eq(false)
end
remove rack cache, it has been causing trouble instead implement an aggressive anonymous cache that is stored in redis this cache is sitting in the front of the middleware stack enabled only in production TODO: expire it more intelligently when stuff is created
2013-10-16 13:39:18 +08:00
end
logged in requests were being treated as anon, causing major havoc
2013-10-17 07:37:06 +08:00
DEV: Use proper wording for contexts in specs
2022-07-28 00:14:14 +08:00
describe "per theme cache" do
DEV: Refactor anonymouse cache spec. Mainly to properly categorize `Middleware::AnonymousCache` vs `Middleware::AnonymousCache::Helper` specs.
2020-08-03 14:15:59 +08:00
it "handles theme keys" do
theme = Fabricate(:theme, user_selectable: true)
with_bad_theme_key = new_helper("HTTP_COOKIE" => "theme_ids=abc").cache_key
with_no_theme_key = new_helper().cache_key
expect(with_bad_theme_key).to eq(with_no_theme_key)
with_good_theme_key = new_helper("HTTP_COOKIE" => "theme_ids=#{theme.id}").cache_key
expect(with_good_theme_key).not_to eq(with_no_theme_key)
end
logged in requests were being treated as anon, causing major havoc
2013-10-17 07:37:06 +08:00
end
remove rack cache, it has been causing trouble instead implement an aggressive anonymous cache that is stored in redis this cache is sitting in the front of the middleware stack enabled only in production TODO: expire it more intelligently when stuff is created
2013-10-16 13:39:18 +08:00
FEATURE: new site setting to set locale from cookie for anonymous users. (#18377) This new hidden default-disabled site setting `set_locale_from_cookie` will set locale from anonymous user's cookie value.
2022-09-27 16:56:06 +08:00
context "with header or cookie based custom locale" do
DEV: Refactor anonymouse cache spec. Mainly to properly categorize `Middleware::AnonymousCache` vs `Middleware::AnonymousCache::Helper` specs.
2020-08-03 14:15:59 +08:00
it "handles different languages" do
# Normally does not check the language header
french1 = new_helper("HTTP_ACCEPT_LANGUAGE" => "fr").cache_key
french2 = new_helper("HTTP_ACCEPT_LANGUAGE" => "FR").cache_key
english = new_helper("HTTP_ACCEPT_LANGUAGE" => SiteSetting.default_locale).cache_key
none = new_helper.cache_key
SECURITY: theme key should be an anon cache breaker
2017-06-15 21:36:27 +08:00
DEV: Refactor anonymouse cache spec. Mainly to properly categorize `Middleware::AnonymousCache` vs `Middleware::AnonymousCache::Helper` specs.
2020-08-03 14:15:59 +08:00
expect(none).to eq(french1)
expect(none).to eq(french2)
expect(none).to eq(english)
SECURITY: theme key should be an anon cache breaker
2017-06-15 21:36:27 +08:00
DEV: Refactor anonymouse cache spec. Mainly to properly categorize `Middleware::AnonymousCache` vs `Middleware::AnonymousCache::Helper` specs.
2020-08-03 14:15:59 +08:00
SiteSetting.allow_user_locale = true
SiteSetting.set_locale_from_accept_language_header = true
SECURITY: theme key should be an anon cache breaker
2017-06-15 21:36:27 +08:00
DEV: Refactor anonymouse cache spec. Mainly to properly categorize `Middleware::AnonymousCache` vs `Middleware::AnonymousCache::Helper` specs.
2020-08-03 14:15:59 +08:00
french1 = new_helper("HTTP_ACCEPT_LANGUAGE" => "fr").cache_key
french2 = new_helper("HTTP_ACCEPT_LANGUAGE" => "FR").cache_key
english = new_helper("HTTP_ACCEPT_LANGUAGE" => SiteSetting.default_locale).cache_key
none = new_helper.cache_key
SECURITY: theme key should be an anon cache breaker
2017-06-15 21:36:27 +08:00
DEV: Refactor anonymouse cache spec. Mainly to properly categorize `Middleware::AnonymousCache` vs `Middleware::AnonymousCache::Helper` specs.
2020-08-03 14:15:59 +08:00
expect(none).to eq(english)
expect(french1).to eq(french2)
expect(french1).not_to eq(none)
FEATURE: new site setting to set locale from cookie for anonymous users. (#18377) This new hidden default-disabled site setting `set_locale_from_cookie` will set locale from anonymous user's cookie value.
2022-09-27 16:56:06 +08:00
SiteSetting.set_locale_from_cookie = true
expect(new_helper("HTTP_COOKIE" => "locale=es;").cache_key).to include("l=es")
DEV: Refactor anonymouse cache spec. Mainly to properly categorize `Middleware::AnonymousCache` vs `Middleware::AnonymousCache::Helper` specs.
2020-08-03 14:15:59 +08:00
end
SECURITY: theme key should be an anon cache breaker
2017-06-15 21:36:27 +08:00
end
SECURITY: Ensure user-agent-based responses are cached separately (#16475)
2022-04-14 21:25:52 +08:00
it "handles old browsers" do
SiteSetting.browser_update_user_agents = "my_old_browser"
key1 = new_helper("HTTP_USER_AGENT" => "my_old_browser").cache_key
key2 = new_helper("HTTP_USER_AGENT" => "my_new_browser").cache_key
expect(key1).not_to eq(key2)
end
it "handles modern mobile browsers" do
key1 = new_helper("HTTP_USER_AGENT" => "Safari (iPhone OS 7)").cache_key
key2 = new_helper("HTTP_USER_AGENT" => "Safari (iPhone OS 15)").cache_key
expect(key1).not_to eq(key2)
end
DEV: Use proper wording for contexts in specs
2022-07-28 00:14:14 +08:00
context "when cached" do
DEV: Refactor anonymouse cache spec. Mainly to properly categorize `Middleware::AnonymousCache` vs `Middleware::AnonymousCache::Helper` specs.
2020-08-03 14:15:59 +08:00
let!(:helper) do
new_helper("ANON_CACHE_DURATION" => 10)
end
let!(:crawler) do
new_helper("ANON_CACHE_DURATION" => 10, "HTTP_USER_AGENT" => "AdsBot-Google (+http://www.google.com/adsbot.html)")
end
after do
helper.clear_cache
crawler.clear_cache
end
before do
global_setting :anon_cache_store_threshold, 1
end
it "compresses body on demand" do
global_setting :compress_anon_cache, true
payload = "x" * 1000
helper.cache([200, { "HELLO" => "WORLD" }, [payload]])
helper = new_helper("ANON_CACHE_DURATION" => 10)
expect(helper.cached).to eq([200, { "X-Discourse-Cached" => "true", "HELLO" => "WORLD" }, [payload]])
# depends on i7z implementation, but lets assume it is stable unless we discover
# otherwise
expect(Discourse.redis.get(helper.cache_key_body).length).to eq(16)
end
it "handles brotli switching" do
helper.cache([200, { "HELLO" => "WORLD" }, ["hello ", "my world"]])
helper = new_helper("ANON_CACHE_DURATION" => 10)
expect(helper.cached).to eq([200, { "X-Discourse-Cached" => "true", "HELLO" => "WORLD" }, ["hello my world"]])
helper = new_helper("ANON_CACHE_DURATION" => 10, "HTTP_ACCEPT_ENCODING" => "gz, br")
expect(helper.cached).to eq(nil)
end
it "returns cached data for cached requests" do
helper.is_mobile = true
expect(helper.cached).to eq(nil)
helper.cache([200, { "HELLO" => "WORLD" }, ["hello ", "my world"]])
helper = new_helper("ANON_CACHE_DURATION" => 10)
helper.is_mobile = true
expect(helper.cached).to eq([200, { "X-Discourse-Cached" => "true", "HELLO" => "WORLD" }, ["hello my world"]])
expect(crawler.cached).to eq(nil)
crawler.cache([200, { "HELLO" => "WORLD" }, ["hello ", "world"]])
expect(crawler.cached).to eq([200, { "X-Discourse-Cached" => "true", "HELLO" => "WORLD" }, ["hello world"]])
end
FIX: Include resolved locale in anonymous cache key (#10289) This only applies when set_locale_from_accept_language_header is enabled
2020-07-23 01:00:07 +08:00
end
end
DEV: Use proper wording for contexts in specs
2022-07-28 00:14:14 +08:00
describe 'background request rate limit' do
PERF: backoff background requests when overloaded (#10888) When the server gets overloaded and lots of requests start queuing server will attempt to shed load by returning 429 errors on background requests. The client can flag a request as background by setting the header: `Discourse-Background` to `true` Out-of-the-box we shed load when the queue time goes above 0.5 seconds. The only request we shed at the moment is the request to load up a new post when someone posts to a topic. We can extend this as we go with a more general pattern on the client. Previous to this change, rate limiting would "break" the post stream which would make suggested topics vanish and users would have to scroll the page to see more posts in the topic. Server needs this protection for cases where tons of clients are navigated to a topic and a new post is made. This can lead to a self inflicted denial of service if enough clients are viewing the topic. Due to the internal security design of Discourse it is hard for a large number of clients to share a channel where we would pass the full post body via the message bus. It also renames (and deprecates) triggerNewPostInStream to triggerNewPostsInStream This allows us to load a batch of new posts cleanly, so the controller can keep track of a backlog Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2020-10-13 13:56:03 +08:00
it 'will rate limit background requests' do
app = Middleware::AnonymousCache.new(
lambda do |env|
[200, {}, ["ok"]]
end
)
DEV: ensure queue_time and background_requests are floats (#10901) GlobalSetting can end up with a String and we expect a Float
2020-10-13 15:08:38 +08:00
global_setting :background_requests_max_queue_length, "0.5"
PERF: backoff background requests when overloaded (#10888) When the server gets overloaded and lots of requests start queuing server will attempt to shed load by returning 429 errors on background requests. The client can flag a request as background by setting the header: `Discourse-Background` to `true` Out-of-the-box we shed load when the queue time goes above 0.5 seconds. The only request we shed at the moment is the request to load up a new post when someone posts to a topic. We can extend this as we go with a more general pattern on the client. Previous to this change, rate limiting would "break" the post stream which would make suggested topics vanish and users would have to scroll the page to see more posts in the topic. Server needs this protection for cases where tons of clients are navigated to a topic and a new post is made. This can lead to a self inflicted denial of service if enough clients are viewing the topic. Due to the internal security design of Discourse it is hard for a large number of clients to share a channel where we would pass the full post body via the message bus. It also renames (and deprecates) triggerNewPostInStream to triggerNewPostsInStream This allows us to load a batch of new posts cleanly, so the controller can keep track of a backlog Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2020-10-13 13:56:03 +08:00
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
cookie = create_auth_cookie(token: SecureRandom.hex)
env = create_request_env.merge(
"HTTP_COOKIE" => "_t=#{cookie}",
PERF: backoff background requests when overloaded (#10888) When the server gets overloaded and lots of requests start queuing server will attempt to shed load by returning 429 errors on background requests. The client can flag a request as background by setting the header: `Discourse-Background` to `true` Out-of-the-box we shed load when the queue time goes above 0.5 seconds. The only request we shed at the moment is the request to load up a new post when someone posts to a topic. We can extend this as we go with a more general pattern on the client. Previous to this change, rate limiting would "break" the post stream which would make suggested topics vanish and users would have to scroll the page to see more posts in the topic. Server needs this protection for cases where tons of clients are navigated to a topic and a new post is made. This can lead to a self inflicted denial of service if enough clients are viewing the topic. Due to the internal security design of Discourse it is hard for a large number of clients to share a channel where we would pass the full post body via the message bus. It also renames (and deprecates) triggerNewPostInStream to triggerNewPostsInStream This allows us to load a batch of new posts cleanly, so the controller can keep track of a backlog Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2020-10-13 13:56:03 +08:00
"HOST" => "site.com",
"REQUEST_METHOD" => "GET",
"REQUEST_URI" => "/somewhere/rainbow",
"REQUEST_QUEUE_SECONDS" => 2.1,
"rack.input" => StringIO.new
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
)
PERF: backoff background requests when overloaded (#10888) When the server gets overloaded and lots of requests start queuing server will attempt to shed load by returning 429 errors on background requests. The client can flag a request as background by setting the header: `Discourse-Background` to `true` Out-of-the-box we shed load when the queue time goes above 0.5 seconds. The only request we shed at the moment is the request to load up a new post when someone posts to a topic. We can extend this as we go with a more general pattern on the client. Previous to this change, rate limiting would "break" the post stream which would make suggested topics vanish and users would have to scroll the page to see more posts in the topic. Server needs this protection for cases where tons of clients are navigated to a topic and a new post is made. This can lead to a self inflicted denial of service if enough clients are viewing the topic. Due to the internal security design of Discourse it is hard for a large number of clients to share a channel where we would pass the full post body via the message bus. It also renames (and deprecates) triggerNewPostInStream to triggerNewPostsInStream This allows us to load a batch of new posts cleanly, so the controller can keep track of a backlog Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2020-10-13 13:56:03 +08:00
# non background ... long request
env["REQUEST_QUEUE_SECONDS"] = 2
status, _ = app.call(env.dup)
expect(status).to eq(200)
env["HTTP_DISCOURSE_BACKGROUND"] = "true"
status, headers, body = app.call(env.dup)
expect(status).to eq(429)
expect(headers["content-type"]).to eq("application/json; charset=utf-8")
json = JSON.parse(body.join)
expect(json["extras"]["wait_seconds"]).to be > 4.9
DEV: ensure queue_time and background_requests are floats (#10901) GlobalSetting can end up with a String and we expect a Float
2020-10-13 15:08:38 +08:00
env["REQUEST_QUEUE_SECONDS"] = 0.4
PERF: backoff background requests when overloaded (#10888) When the server gets overloaded and lots of requests start queuing server will attempt to shed load by returning 429 errors on background requests. The client can flag a request as background by setting the header: `Discourse-Background` to `true` Out-of-the-box we shed load when the queue time goes above 0.5 seconds. The only request we shed at the moment is the request to load up a new post when someone posts to a topic. We can extend this as we go with a more general pattern on the client. Previous to this change, rate limiting would "break" the post stream which would make suggested topics vanish and users would have to scroll the page to see more posts in the topic. Server needs this protection for cases where tons of clients are navigated to a topic and a new post is made. This can lead to a self inflicted denial of service if enough clients are viewing the topic. Due to the internal security design of Discourse it is hard for a large number of clients to share a channel where we would pass the full post body via the message bus. It also renames (and deprecates) triggerNewPostInStream to triggerNewPostsInStream This allows us to load a batch of new posts cleanly, so the controller can keep track of a backlog Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2020-10-13 13:56:03 +08:00
status, _ = app.call(env.dup)
expect(status).to eq(200)
end
end
DEV: Use proper wording for contexts in specs
2022-07-28 00:14:14 +08:00
describe '#force_anonymous!' do
FEATURE: if site is under extreme load show anon view If a particular path is being hit extremely hard by logged on users, revert to anonymous cached view. This will only come into effect if 3 requests queue for longer than 2 seconds on a *single* path. This can happen if a URL is shared with the entire forum base and everyone is logged on
2018-04-18 14:58:40 +08:00
before do
RateLimiter.enable
end
it 'will revert to anonymous once we reach the limit' do
RateLimiter.clear_all!
is_anon = false
app = Middleware::AnonymousCache.new(
lambda do |env|
FIX: Strip `discourse-logged-in` header during `force_anonymous!` (#14533) When the anonymous cache forces users into anonymous mode, it strips the cookies from their request. However, the discourse-logged-in header from the JS client remained. When the discourse-logged-in header is present without any valid auth_token, the current_user_provider [marks the request as ['logged out'](https://github.com/discourse/discourse/blob/dbbfad7ed07c47674f9dee4ac7021ca51cc04e2e/lib/auth/default_current_user_provider.rb#L125-L125), and a [discourse-logged-out header is returned to the client](https://github.com/discourse/discourse/blob/dbbfad7ed07c47674f9dee4ac7021ca51cc04e2e/lib/middleware/request_tracker.rb#L209-L211). This causes the JS app to [popup a "you were logged out" modal](https://github.com/discourse/discourse/blob/dbbfad7ed07c47674f9dee4ac7021ca51cc04e2e/app/assets/javascripts/discourse/app/components/d-document.js#L29-L29), which is very disruptive. This commit strips the discourse-logged-in header from the request at the same time as the auth cookie.
2021-10-07 19:31:42 +08:00
is_anon = env["HTTP_COOKIE"].nil? && env["HTTP_DISCOURSE_LOGGED_IN"].nil?
FEATURE: if site is under extreme load show anon view If a particular path is being hit extremely hard by logged on users, revert to anonymous cached view. This will only come into effect if 3 requests queue for longer than 2 seconds on a *single* path. This can happen if a URL is shared with the entire forum base and everyone is logged on
2018-04-18 14:58:40 +08:00
[200, {}, ["ok"]]
end
)
global_setting :force_anonymous_min_per_10_seconds, 2
global_setting :force_anonymous_min_queue_seconds, 1
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
cookie = create_auth_cookie(token: SecureRandom.hex)
env = create_request_env.merge(
"HTTP_COOKIE" => "_t=#{cookie}",
FIX: Strip `discourse-logged-in` header during `force_anonymous!` (#14533) When the anonymous cache forces users into anonymous mode, it strips the cookies from their request. However, the discourse-logged-in header from the JS client remained. When the discourse-logged-in header is present without any valid auth_token, the current_user_provider [marks the request as ['logged out'](https://github.com/discourse/discourse/blob/dbbfad7ed07c47674f9dee4ac7021ca51cc04e2e/lib/auth/default_current_user_provider.rb#L125-L125), and a [discourse-logged-out header is returned to the client](https://github.com/discourse/discourse/blob/dbbfad7ed07c47674f9dee4ac7021ca51cc04e2e/lib/middleware/request_tracker.rb#L209-L211). This causes the JS app to [popup a "you were logged out" modal](https://github.com/discourse/discourse/blob/dbbfad7ed07c47674f9dee4ac7021ca51cc04e2e/app/assets/javascripts/discourse/app/components/d-document.js#L29-L29), which is very disruptive. This commit strips the discourse-logged-in header from the request at the same time as the auth cookie.
2021-10-07 19:31:42 +08:00
"HTTP_DISCOURSE_LOGGED_IN" => "true",
FEATURE: if site is under extreme load show anon view If a particular path is being hit extremely hard by logged on users, revert to anonymous cached view. This will only come into effect if 3 requests queue for longer than 2 seconds on a *single* path. This can happen if a URL is shared with the entire forum base and everyone is logged on
2018-04-18 14:58:40 +08:00
"HOST" => "site.com",
"REQUEST_METHOD" => "GET",
"REQUEST_URI" => "/somewhere/rainbow",
"REQUEST_QUEUE_SECONDS" => 2.1,
"rack.input" => StringIO.new
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
)
FEATURE: if site is under extreme load show anon view If a particular path is being hit extremely hard by logged on users, revert to anonymous cached view. This will only come into effect if 3 requests queue for longer than 2 seconds on a *single* path. This can happen if a URL is shared with the entire forum base and everyone is logged on
2018-04-18 14:58:40 +08:00
PERF: improve performance once logged in rate limiter hits If "logged in" is being forced anonymous on certain routes, trigger the protection for any requests that spend 50ms queueing This means that ... 1. You need to trip it by having 3 requests take longer than 1 second in 10 second interval 2. Once tripped, if your route is still spending 50m queueuing it will continue to be protected This means that site will continue to function with almost no delays while it is scaling up to handle the new load
2018-04-23 09:54:58 +08:00
is_anon = false
app.call(env.dup)
FEATURE: if site is under extreme load show anon view If a particular path is being hit extremely hard by logged on users, revert to anonymous cached view. This will only come into effect if 3 requests queue for longer than 2 seconds on a *single* path. This can happen if a URL is shared with the entire forum base and everyone is logged on
2018-04-18 14:58:40 +08:00
expect(is_anon).to eq(false)
PERF: improve performance once logged in rate limiter hits If "logged in" is being forced anonymous on certain routes, trigger the protection for any requests that spend 50ms queueing This means that ... 1. You need to trip it by having 3 requests take longer than 1 second in 10 second interval 2. Once tripped, if your route is still spending 50m queueuing it will continue to be protected This means that site will continue to function with almost no delays while it is scaling up to handle the new load
2018-04-23 09:54:58 +08:00
is_anon = false
app.call(env.dup)
FEATURE: if site is under extreme load show anon view If a particular path is being hit extremely hard by logged on users, revert to anonymous cached view. This will only come into effect if 3 requests queue for longer than 2 seconds on a *single* path. This can happen if a URL is shared with the entire forum base and everyone is logged on
2018-04-18 14:58:40 +08:00
expect(is_anon).to eq(false)
PERF: improve performance once logged in rate limiter hits If "logged in" is being forced anonymous on certain routes, trigger the protection for any requests that spend 50ms queueing This means that ... 1. You need to trip it by having 3 requests take longer than 1 second in 10 second interval 2. Once tripped, if your route is still spending 50m queueuing it will continue to be protected This means that site will continue to function with almost no delays while it is scaling up to handle the new load
2018-04-23 09:54:58 +08:00
is_anon = false
app.call(env.dup)
FEATURE: if site is under extreme load show anon view If a particular path is being hit extremely hard by logged on users, revert to anonymous cached view. This will only come into effect if 3 requests queue for longer than 2 seconds on a *single* path. This can happen if a URL is shared with the entire forum base and everyone is logged on
2018-04-18 14:58:40 +08:00
expect(is_anon).to eq(true)
PERF: improve performance once logged in rate limiter hits If "logged in" is being forced anonymous on certain routes, trigger the protection for any requests that spend 50ms queueing This means that ... 1. You need to trip it by having 3 requests take longer than 1 second in 10 second interval 2. Once tripped, if your route is still spending 50m queueuing it will continue to be protected This means that site will continue to function with almost no delays while it is scaling up to handle the new load
2018-04-23 09:54:58 +08:00
is_anon = false
_status, headers, _body = app.call(env.dup)
FEATURE: if site is under extreme load show anon view If a particular path is being hit extremely hard by logged on users, revert to anonymous cached view. This will only come into effect if 3 requests queue for longer than 2 seconds on a *single* path. This can happen if a URL is shared with the entire forum base and everyone is logged on
2018-04-18 14:58:40 +08:00
expect(is_anon).to eq(true)
FIX: specify path for dosp cookie
2018-04-24 11:24:26 +08:00
expect(headers['Set-Cookie']).to eq('dosp=1; Path=/')
PERF: improve performance once logged in rate limiter hits If "logged in" is being forced anonymous on certain routes, trigger the protection for any requests that spend 50ms queueing This means that ... 1. You need to trip it by having 3 requests take longer than 1 second in 10 second interval 2. Once tripped, if your route is still spending 50m queueuing it will continue to be protected This means that site will continue to function with almost no delays while it is scaling up to handle the new load
2018-04-23 09:54:58 +08:00
# tricky change, a 50ms delay still will trigger protection
# once it is tripped
env["REQUEST_QUEUE_SECONDS"] = 0.05
is_anon = false
app.call(env.dup)
expect(is_anon).to eq(true)
is_anon = false
env["REQUEST_QUEUE_SECONDS"] = 0.01
app.call(env.dup)
expect(is_anon).to eq(false)
FEATURE: if site is under extreme load show anon view If a particular path is being hit extremely hard by logged on users, revert to anonymous cached view. This will only come into effect if 3 requests queue for longer than 2 seconds on a *single* path. This can happen if a URL is shared with the entire forum base and everyone is logged on
2018-04-18 14:58:40 +08:00
end
end
DEV: Use proper wording for contexts in specs
2022-07-28 00:14:14 +08:00
describe 'invalid request payload' do
SECURITY: 413 for GET, HEAD or DELETE requests with payload.
2020-08-03 14:11:17 +08:00
it 'returns 413 for GET request with payload' do
SECURITY: Disallow caching of MIME/Content-Type errors (#14907) This will sign intermediary proxies and/or misconfigured CDNs to not cache those error responses.
2021-11-13 02:52:25 +08:00
status, headers, _ = middleware.call(env.tap do |environment|
SECURITY: 413 for GET, HEAD or DELETE requests with payload.
2020-08-03 14:11:17 +08:00
environment[Rack::RACK_INPUT].write("test")
end)
expect(status).to eq(413)
SECURITY: Disallow caching of MIME/Content-Type errors (#14907) This will sign intermediary proxies and/or misconfigured CDNs to not cache those error responses.
2021-11-13 02:52:25 +08:00
expect(headers["Cache-Control"]).to eq("private, max-age=0, must-revalidate")
SECURITY: 413 for GET, HEAD or DELETE requests with payload.
2020-08-03 14:11:17 +08:00
end
end
DEV: Use proper wording for contexts in specs
2022-07-28 00:14:14 +08:00
describe "crawler blocking" do
FIX: move crawler blocking into anon cache This refinement of previous fix moves the crawler blocking into anonymous cache This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 09:14:43 +08:00
let :non_crawler do
{
"HTTP_USER_AGENT" =>
"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36"
}
end
def get(path, options)
@env = env({
"REQUEST_URI" => path,
"PATH_INFO" => path,
"REQUEST_PATH" => path
}.merge(options[:headers]))
FIX: error in response body to blocked crawlers, showing 500 Internal Server Error with status of 403
2018-09-15 03:39:24 +08:00
@status, @response_header, @response = middleware.call(@env)
FIX: move crawler blocking into anon cache This refinement of previous fix moves the crawler blocking into anonymous cache This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 09:14:43 +08:00
end
FIX: use allowlist and blocklist terminology (#10209) This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 08:23:54 +08:00
it "applies allowed_crawler_user_agents correctly" do
SiteSetting.allowed_crawler_user_agents = 'Googlebot'
FIX: move crawler blocking into anon cache This refinement of previous fix moves the crawler blocking into anonymous cache This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 09:14:43 +08:00
FIX: never block /srv/status which is used for health checks This route is also very cheap so blocking it is not required It is still rate limited and so on elsewhere
2018-07-18 10:33:06 +08:00
get '/', headers: {
FIX: move crawler blocking into anon cache This refinement of previous fix moves the crawler blocking into anonymous cache This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 09:14:43 +08:00
'HTTP_USER_AGENT' => 'Googlebot/2.1 (+http://www.google.com/bot.html)'
}
expect(@status).to eq(200)
FIX: never block /srv/status which is used for health checks This route is also very cheap so blocking it is not required It is still rate limited and so on elsewhere
2018-07-18 10:33:06 +08:00
get '/', headers: {
FIX: move crawler blocking into anon cache This refinement of previous fix moves the crawler blocking into anonymous cache This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 09:14:43 +08:00
'HTTP_USER_AGENT' => 'Anotherbot/2.1 (+http://www.notgoogle.com/bot.html)'
}
expect(@status).to eq(403)
FIX: error in response body to blocked crawlers, showing 500 Internal Server Error with status of 403
2018-09-15 03:39:24 +08:00
expect(@response).to be_an(Array)
FIX: move crawler blocking into anon cache This refinement of previous fix moves the crawler blocking into anonymous cache This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 09:14:43 +08:00
FIX: never block /srv/status which is used for health checks This route is also very cheap so blocking it is not required It is still rate limited and so on elsewhere
2018-07-18 10:33:06 +08:00
get '/', headers: non_crawler
FIX: move crawler blocking into anon cache This refinement of previous fix moves the crawler blocking into anonymous cache This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 09:14:43 +08:00
expect(@status).to eq(200)
end
FIX: don't block api requests when whitelisted_crawler_user_agents is set
2018-09-15 03:34:21 +08:00
it "doesn't block api requests" do
FIX: use allowlist and blocklist terminology (#10209) This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 08:23:54 +08:00
SiteSetting.allowed_crawler_user_agents = 'Googlebot'
FIX: don't block api requests when whitelisted_crawler_user_agents is set
2018-09-15 03:34:21 +08:00
api_key = Fabricate(:api_key)
get "/latest?api_key=#{api_key.key}&api_username=system", headers: {
"QUERY_STRING" => "api_key=#{api_key.key}&api_username=system"
}
expect(@status).to eq(200)
end
FIX: use allowlist and blocklist terminology (#10209) This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 08:23:54 +08:00
it "applies blocked_crawler_user_agents correctly" do
SiteSetting.blocked_crawler_user_agents = 'Googlebot'
FIX: move crawler blocking into anon cache This refinement of previous fix moves the crawler blocking into anonymous cache This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 09:14:43 +08:00
FIX: never block /srv/status which is used for health checks This route is also very cheap so blocking it is not required It is still rate limited and so on elsewhere
2018-07-18 10:33:06 +08:00
get '/', headers: non_crawler
FIX: move crawler blocking into anon cache This refinement of previous fix moves the crawler blocking into anonymous cache This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 09:14:43 +08:00
expect(@status).to eq(200)
FIX: never block /srv/status which is used for health checks This route is also very cheap so blocking it is not required It is still rate limited and so on elsewhere
2018-07-18 10:33:06 +08:00
get '/', headers: {
FIX: move crawler blocking into anon cache This refinement of previous fix moves the crawler blocking into anonymous cache This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 09:14:43 +08:00
'HTTP_USER_AGENT' => 'Googlebot/2.1 (+http://www.google.com/bot.html)'
}
expect(@status).to eq(403)
FIX: never block /srv/status which is used for health checks This route is also very cheap so blocking it is not required It is still rate limited and so on elsewhere
2018-07-18 10:33:06 +08:00
get '/', headers: {
FIX: move crawler blocking into anon cache This refinement of previous fix moves the crawler blocking into anonymous cache This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 09:14:43 +08:00
'HTTP_USER_AGENT' => 'Twitterbot/2.1 (+http://www.notgoogle.com/bot.html)'
}
expect(@status).to eq(200)
end
it "should never block robots.txt" do
FIX: use allowlist and blocklist terminology (#10209) This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 08:23:54 +08:00
SiteSetting.blocked_crawler_user_agents = 'Googlebot'
FIX: move crawler blocking into anon cache This refinement of previous fix moves the crawler blocking into anonymous cache This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 09:14:43 +08:00
get '/robots.txt', headers: {
'HTTP_USER_AGENT' => 'Googlebot/2.1 (+http://www.google.com/bot.html)'
}
expect(@status).to eq(200)
end
FIX: never block /srv/status which is used for health checks This route is also very cheap so blocking it is not required It is still rate limited and so on elsewhere
2018-07-18 10:33:06 +08:00
it "should never block srv/status" do
FIX: use allowlist and blocklist terminology (#10209) This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 08:23:54 +08:00
SiteSetting.blocked_crawler_user_agents = 'Googlebot'
FIX: move crawler blocking into anon cache This refinement of previous fix moves the crawler blocking into anonymous cache This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 09:14:43 +08:00
get '/srv/status', headers: {
'HTTP_USER_AGENT' => 'Googlebot/2.1 (+http://www.google.com/bot.html)'
}
FIX: never block /srv/status which is used for health checks This route is also very cheap so blocking it is not required It is still rate limited and so on elsewhere
2018-07-18 10:33:06 +08:00
expect(@status).to eq(200)
end
it "blocked crawlers shouldn't log page views" do
FIX: use allowlist and blocklist terminology (#10209) This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 08:23:54 +08:00
SiteSetting.blocked_crawler_user_agents = 'Googlebot'
FIX: never block /srv/status which is used for health checks This route is also very cheap so blocking it is not required It is still rate limited and so on elsewhere
2018-07-18 10:33:06 +08:00
get '/', headers: {
'HTTP_USER_AGENT' => 'Googlebot/2.1 (+http://www.google.com/bot.html)'
}
FIX: move crawler blocking into anon cache This refinement of previous fix moves the crawler blocking into anonymous cache This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 09:14:43 +08:00
expect(@env["discourse.request_tracker.skip"]).to eq(true)
end
it "blocks json requests" do
FIX: use allowlist and blocklist terminology (#10209) This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 08:23:54 +08:00
SiteSetting.blocked_crawler_user_agents = 'Googlebot'
FIX: move crawler blocking into anon cache This refinement of previous fix moves the crawler blocking into anonymous cache This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 09:14:43 +08:00
get '/srv/status.json', headers: {
'HTTP_USER_AGENT' => 'Googlebot/2.1 (+http://www.google.com/bot.html)'
}
expect(@status).to eq(403)
end
end
remove rack cache, it has been causing trouble instead implement an aggressive anonymous cache that is stored in redis this cache is sitting in the front of the middleware stack enabled only in production TODO: expire it more intelligently when stuff is created
2013-10-16 13:39:18 +08:00
end
Reference in New Issue Copy Permalink