delta/gitlab/gitlab-ce.git/config/initializers/rack_attack_global.rb, branch document-lambda-deploygitlab.com: gitlab-org/gitlab-ce.git
Merge branch 'security-fix-pat-web-access' into 'master'2018-11-29T00:13:59+00:00Cindy Pallarescindy@gitlab.com2018-11-28T19:06:02+00:00fe5f75930e781ef854b458fafa307ebb90a8ed2e
[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"
See merge request gitlab/gitlabhq!2583
[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"
See merge request gitlab/gitlabhq!2583
Backport of https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/58762018-05-29T12:25:43+00:00Valery Sizovvalery@gitlab.com2018-05-29T12:25:43+00:0064679a0d9a654d4df88af45b7fdd4e322091f51e
Remove internal api calls from the rack::attack throttling2018-02-15T16:54:36+00:00Francisco Javier Lópezfjlopez@gitlab.com2018-02-15T16:54:36+00:005ddd576c7e93da1c97b81af90f65e1f368266547
Don't add methods to Rack::Attack2017-11-17T08:58:18+00:00Michael Kozonomkozono@gmail.com2017-10-17T16:40:09+00:0009b01c756069058e02ba4fc9f5f53a534aef3fe3
Fix OAuth API and RSS rate limiting2017-11-17T08:58:18+00:00Michael Kozonomkozono@gmail.com2017-10-14T00:05:18+00:0043a682ccaa694d2a14f3d639d66708057859a628
Allow throttling code in test environment2017-11-17T08:58:18+00:00Michael Kozonomkozono@gmail.com2017-10-13T00:49:22+00:00d87030714a654b0dfa47aa6b38eb970731e7a04e
This code should not break other tests because the rate limits are off by default.
This code should not break other tests because the rate limits are off by default.