mirror of https://github.com/discourse/discourse.git synced 2025-09-05 08:59:27 +08:00

FEATURE: limit assets less than non asset paths

By default assets can be requested up to 200 times per 10 seconds
from the app; this includes CSS and avatars
Sam 2018-03-06 15:20:39 +11:00
parent 2658ef5e0b
commit f0d5f83424
7 changed files with 81 additions and 6 deletions


@ -33,6 +33,8 @@ class UserAvatarsController < ApplicationController
end
def show_proxy_letter
is_asset_path
if SiteSetting.external_system_avatars_url !~ /^\/letter_avatar_proxy/
raise Discourse::NotFound
end
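Review bot: in show_proxy_letter, `is_asset_path` runs before the `SiteSetting.external_system_avatars_url !~ /^\/letter_avatar_proxy/` guard, so a request that ends in `raise Discourse::NotFound` is still classified as an asset request. Assuming this call is what selects the looser limit described in the commit message (200 per 10 seconds by default), rejected requests get the relaxed budget too. If that budget is meant only for requests that actually serve an avatar, move the call below the guard; if the ordering is intentional, a one-line comment saying so would help.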
@ -56,6 +58,8 @@ class UserAvatarsController < ApplicationController
end
def show_letter
is_asset_path
params.require(:username)
params.require(:version)
params.require(:size)
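Review bot: the bare `is_asset_path` statement at the top of show_letter reads like a predicate whose result is thrown away, which hides the fact that it is called for a side effect. The same line is added at the top of show_proxy_letter and show, so a `before_action` restricted to these three actions, with a name that states the effect, would remove the repetition and make it harder to forget the call when another avatar action is added. It also sits ahead of the three `params.require` calls, so malformed requests are classified as assets as well; worth confirming that is wanted.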
@ -75,6 +79,8 @@ class UserAvatarsController < ApplicationController
end
def show
is_asset_path
# we need multisite support to keep a single origin pull for CDNs
RailsMultisite::ConnectionManagement.with_hostname(params[:hostname]) do
hijack do
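Review bot: missing documentation on the `is_asset_path` call in show. Nothing at the call site says that it changes how the request is rate limited or what the default is; the 200 requests per 10 seconds figure appears only in the commit message. A short comment here or on the method definition would cover it. The body of this action also runs inside `hijack do`, so a test asserting that a hijacked avatar request is counted against the asset limit rather than the general one would be a useful addition.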