diff options
| -rw-r--r-- | config/initializers/rack_attack.rb.example | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/config/initializers/rack_attack.rb.example b/config/initializers/rack_attack.rb.example index bc3234bf0b6..d093666561b 100644 --- a/config/initializers/rack_attack.rb.example +++ b/config/initializers/rack_attack.rb.example @@ -8,11 +8,19 @@ paths_to_be_protected = [ "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json", "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session", "#{Rails.application.config.relative_url_root}/users", - "#{Rails.application.config.relative_url_root}/users/confirmation" + "#{Rails.application.config.relative_url_root}/users/confirmation", + "#{Rails.application.config.relative_url_root}/unsubscribes/*" + ] +paths_to_be_protected.map! { |path| Regexp.new(path) } + unless Rails.env.test? Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do |req| - req.ip if paths_to_be_protected.include?(req.path) && req.post? + if req.post? + paths_paths_to_be_protected.each do |protected_path| + req.ip if req.path =~ protected_path + end + end end end |