Commit Graph

5 Commits

Author SHA1 Message Date
Roman Rizzi
3a73f29928 FIX: Rate limit and hijack certificate generation. (#8215)
To eliminate a DDOS attack vector, we're taking the following measures:

The endpoint will be rate-limited to 3 requests every 60 seconds (per user).
A 24 hours max-age cache header is sent with the response.
The route will be hijacked to generate the certificate in the background.
2019-10-22 15:39:58 -03:00
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Guo Xiang Tan
44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00
Guo Xiang Tan
32171ad286 FIX: Invalid logo in discobot's certificate when SiteSetting.logo_small_url is blank.
https://meta.discourse.org/t/broken-image-in-discobot-certificate-with-no-logo-small-url/76594/2
2017-12-22 09:36:53 +08:00
Guo Xiang Tan
ee1b90503c FIX: Error when an invalid date is passed to certificate generator.
https://meta.discourse.org/t/broken-image-in-discobot-certificate-with-no-logo-small-url/76594/2
2017-12-22 09:36:52 +08:00