supabase / auth / 19971839037 / 1
68%
master: 69%

LAST BUILD BRANCH: release-please--branches--master
DEFAULT BRANCH: master
Ran
Files 170
Run time 7s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 68.449% (+0.01%) from 68.435%
19971839037.1

Pull #2282

github

jnschaeffer 
feat: Treat rate limit header value as comma-separated list

This commit updates performRateLimiting to treat the rate limit header
value as a comma-separated list and enforce rate limiting based on the
first value in that list.

Certain HTTP headers, such as X-Forwarded-For and other headers that
are combined according to RFC 7230, can be represented as a
comma-separated list of values. Intermediate proxies may add their own
values to these headers, modifying the resulting value. For example,
an end user with a single IP address proxied through a fleet of load
balancers using the X-Forwarded-For header may be associated with
multiple X-Forwarded-For header values, e.g.,
"2.2.2.2,100.100.100.100" and "2.2.2.2,300.300.300.300". The current
implementation of performRateLimiting treats each of these as separate
rate limiting keys.

To address this issue, this commit splits the rate limit header by
commas and takes the first value (with whitespace removed) to use as
the rate limiting key.

Note that this logic is superficially similar to the
utilities.GetIPAddress function with two key differences. In
performRateLimiting, there is no set format for a given rate limiting
key, nor is there a fallback value after the first value in the list
that the API should use.
Pull Request #2282: feat: Treat rate limit header value as comma-separated list

14655 of 21410 relevant lines covered (68.45%)

77.64 hits per line

Source Files on job 19971839037.1