Add latest changes from gitlab-org/gitlab@12-4-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2019-11-26 14:09:19 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2019-11-26 14:09:19 +0300
commit: 3d7b56c54620b0ff31a3a455144bf4fef2377c17 (patch)
tree: b8ebaabc569670a9f561fc7c5c762e8ec9cf4487 /config
parent: 4d477238500c347c6553d335d920bedfc5a46869 (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/config/initializers/rack_attack_new.rb b/config/initializers/rack_attack_new.rb
index b0f7febe427..50f9d7971cc 100644
--- a/config/initializers/rack_attack_new.rb
+++ b/config/initializers/rack_attack_new.rb
@@ -59,7 +59,8 @@ class Rack::Attack
   end
 
   throttle('throttle_unauthenticated_protected_paths', Gitlab::Throttle.protected_paths_options) do |req|
-    Gitlab::Throttle.protected_paths_enabled? &&
+    req.post? &&
+      Gitlab::Throttle.protected_paths_enabled? &&
       req.unauthenticated? &&
       !req.should_be_skipped? &&
       req.protected_path? &&
@@ -67,14 +68,16 @@ class Rack::Attack
   end
 
   throttle('throttle_authenticated_protected_paths_api', Gitlab::Throttle.protected_paths_options) do |req|
-    Gitlab::Throttle.protected_paths_enabled? &&
+    req.post? &&
+      Gitlab::Throttle.protected_paths_enabled? &&
       req.api_request? &&
       req.protected_path? &&
       req.authenticated_user_id([:api])
   end
 
   throttle('throttle_authenticated_protected_paths_web', Gitlab::Throttle.protected_paths_options) do |req|
-    Gitlab::Throttle.protected_paths_enabled? &&
+    req.post? &&
+      Gitlab::Throttle.protected_paths_enabled? &&
       req.web_request? &&
       req.protected_path? &&
       req.authenticated_user_id([:api, :rss, :ics])
author	GitLab Bot <gitlab-bot@gitlab.com>	2019-11-26 14:09:19 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2019-11-26 14:09:19 +0300
commit	3d7b56c54620b0ff31a3a455144bf4fef2377c17 (patch)
tree	b8ebaabc569670a9f561fc7c5c762e8ec9cf4487 /config
parent	4d477238500c347c6553d335d920bedfc5a46869 (diff)