From a5641a9244f2289be1916953609f0b5184f85cb0 Mon Sep 17 00:00:00 2001 From: Claire Date: Fri, 9 Aug 2024 16:48:05 +0200 Subject: [PATCH] Fix incorrect rate limit on PUT requests (#31356) --- config/initializers/rack_attack.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb index 6d8284e2b45..8125b335f95 100644 --- a/config/initializers/rack_attack.rb +++ b/config/initializers/rack_attack.rb @@ -142,7 +142,7 @@ class Rack::Attack end throttle('throttle_password_change/account', limit: 10, period: 10.minutes) do |req| - req.warden_user_id if req.put? || (req.patch? && req.path_matches?('/auth')) + req.warden_user_id if (req.put? || req.patch?) && (req.path_matches?('/auth') || req.path_matches?('/auth/password')) end self.throttled_responder = lambda do |request|