Commit Graph

5 Commits

Author SHA1 Message Date
Roman Rizzi
835d2be4da
FIX: Rate limit and hijack certificate generation. (#8215)
To eliminate a DDOS attack vector, we're taking the following measures:

The endpoint will be rate-limited to 3 requests every 60 seconds (per user).
A 24 hours max-age cache header is sent with the response.
The route will be hijacked to generate the certificate in the background.
2019-10-21 13:14:15 -03:00
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Guo Xiang Tan
b0c8fdd7da FIX: Properly support defaults for upload site settings. 2019-03-13 16:36:57 +08:00
Penar Musaraj
3c5fbd3ce1 FIX: do not send welcome message to staged users 2019-01-30 18:03:16 -05:00
Guo Xiang Tan
07d07c7b5f FIX: Make Discobot certificate route require login. 2018-08-20 11:22:59 +08:00