diff options
Diffstat (limited to 'config')
-rw-r--r-- | config/initializers/rack_attack.rb.example | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/config/initializers/rack_attack.rb.example b/config/initializers/rack_attack.rb.example index 1d2dee9a054..1d10a53d505 100644 --- a/config/initializers/rack_attack.rb.example +++ b/config/initializers/rack_attack.rb.example @@ -5,11 +5,13 @@ paths_to_be_protected = [ "#{Rails.application.config.relative_url_root}/users/password", "#{Rails.application.config.relative_url_root}/users/sign_in", + "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json", + "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session", "#{Rails.application.config.relative_url_root}/users" ] unless Rails.env.test? - Rack::Attack.throttle('protected paths', limit: 6, period: 60.seconds) do |req| + Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do |req| req.ip if paths_to_be_protected.include?(req.path) && req.post? end end |