discourse/lib/middleware
Alan Guo Xiang Tan 2492fe7715
FIX: Set sane default for `Net::HTTP` when processing a request (#28141)
This commit patches `Net::HTTP` to reduce the default timeouts of 60
seconds when we are processing a request. There are certain routes in
Discourse which makes external requests and if the proper timeouts are
not set, we risk having the Unicorn master process force restarting the
Unicorn workers once the `30` seconds timeout is reached. This can
potentially become a vector for DoS attacks and this commit is aimed at
reducing the risk here.
2024-08-06 07:12:42 +08:00
..
anonymous_cache.rb FIX: crawler requests exceptions for non UTF-8 user agents with invalid bytes 2024-06-11 14:02:46 +02:00
csp_script_nonce_injector.rb DEV: Memoize CSP nonce placeholder on response (#25724) 2024-02-16 12:15:55 +00:00
discourse_public_exceptions.rb DEV: Upgrade Rails to version 7.1 2024-07-04 10:58:21 +02:00
enforce_hostname.rb DEV: Apply syntax_tree formatting to `lib/*` 2023-01-09 12:10:19 +00:00
missing_avatars.rb DEV: Prefer \A and \z over ^ and $ in regexes (#19936) 2023-01-20 12:52:49 -06:00
omniauth_bypass_middleware.rb DEV: Relax auth provider registration restrictions for plugins (#24095) 2023-10-26 10:54:30 +01:00
processing_request.rb FIX: Set sane default for `Net::HTTP` when processing a request (#28141) 2024-08-06 07:12:42 +08:00
request_tracker.rb FEATURE: Only count topic views for explicit/deferred tracked views (#27533) 2024-07-03 10:38:49 +10:00
turbo_dev.rb DEV: Apply syntax_tree formatting to `lib/*` 2023-01-09 12:10:19 +00:00