diff options
| -rw-r--r-- | config/initializers/rack_attack.rb.example | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/config/initializers/rack_attack.rb.example b/config/initializers/rack_attack.rb.example index d093666561b..332865d2881 100644 --- a/config/initializers/rack_attack.rb.example +++ b/config/initializers/rack_attack.rb.example @@ -9,18 +9,18 @@ paths_to_be_protected = [ "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session", "#{Rails.application.config.relative_url_root}/users", "#{Rails.application.config.relative_url_root}/users/confirmation", - "#{Rails.application.config.relative_url_root}/unsubscribes/*" + "#{Rails.application.config.relative_url_root}/unsubscribes/" ] -paths_to_be_protected.map! { |path| Regexp.new(path) } +# Create one big regular expression that matches strings starting with any of +# the paths_to_be_protected. +paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ }) unless Rails.env.test? Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do |req| - if req.post? - paths_paths_to_be_protected.each do |protected_path| - req.ip if req.path =~ protected_path - end + if req.post? && req.path =~ paths_regex + req.ip end end end |