Rate limit changes should be reflected on the API Client #178
Comments
Started to look into this, but when I hit
Activating the
We've discovered that this is a configuration level issue rather than a code level problem. Swapping the
@derekherman sounds like we need you to change the config (.env) files on GCP to resolve this, is that correct?
From today's Tidechat:
@kkoppenhaver are you able to help take a look at what's needed here?
Issue Overview

Currently the rate limit is incrementing on the Audit Client instead of the API Client for proxied requests, meaning that the PHPCS & Lighthouse Servers use an Audit Client to proxy the request on behalf of the API Client. Those servers make POST requests to the API to write data on behalf of the wporg user and should be exempt from all rate limiting.

Steps to Reproduce

You would log in to the WP admin and check the rate limit values on the user profile page, then run an audit and check that the used API requests go up for the wporg user (or any other user for that matter) instead of the audit-server user.

Expected Behavior

The used requests for the wporg user go up when requesting an audit, and the audit-server is exempt from rate limiting.

Current Behavior

When requesting an audit the audit-server used requests go up and the rate limit for the wporg user stays the same, unless a POST request was used to request the audit and in that case both users get 1 request added to the totals instead of 2 to the wporg user and zero to the audit-server.

Possible Solutions

Inside the rate limit class check for the Audit Client role and if we're doing a proxied request for the API Client. The request would increment the user the request was proxied for. However, if the request_client was not set then it could only mean the request was made directly and we should increment the limit or completely remove rate limiting from the audit client role. Up for discussion on this.
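
One way to express the check proposed under Possible Solutions, as an added example that is not the project's own code. Only request_client, wporg and audit-server come from the issue; the role names, the function name, the array shapes and the fallback for an unknown request_client are assumptions.

```php
<?php
// Added example. Role names, function name and array shapes are hypothetical,
// not taken from the Tide API code base.
const ROLE_AUDIT_CLIENT = 'audit_client';
const ROLE_API_CLIENT   = 'api_client';

/**
 * Return the login whose rate-limit counter a request is charged to,
 * or null when the request is not charged to anyone.
 */
function rate_limit_subject(array $caller, ?string $request_client, array $roles, bool $exempt_direct = true): ?string {
    if ($caller['role'] !== ROLE_AUDIT_CLIENT) {
        // Only the Audit Client role may attribute usage to another user;
        // a request_client supplied by any other caller is ignored.
        return $caller['login'];
    }
    if ($request_client === null || $request_client === '') {
        // Direct request from the audit server. The issue leaves both options
        // open: exempt the role, or charge the audit client itself.
        return $exempt_direct ? null : $caller['login'];
    }
    if (($roles[$request_client] ?? null) === ROLE_API_CLIENT) {
        return $request_client; // proxied: charge the user it was made for
    }
    // Assumption: an unknown or non-API request_client is charged to the
    // caller, so a bad value never yields an uncounted request.
    return $caller['login'];
}

// Constructed users and request sequence.
$roles = ['wporg' => ROLE_API_CLIENT, 'audit-server' => ROLE_AUDIT_CLIENT];
$used  = ['wporg' => 0, 'audit-server' => 0];
$api   = ['login' => 'wporg', 'role' => ROLE_API_CLIENT];
$audit = ['login' => 'audit-server', 'role' => ROLE_AUDIT_CLIENT];

$requests = [
    [$api, null],            // wporg requests an audit with POST
    [$audit, 'wporg'],       // audit server writes the result on wporg's behalf
    [$audit, null],          // audit server calls the API directly
    [$api, 'audit-server'],  // API client names another user: ignored
];
foreach ($requests as [$caller, $request_client]) {
    $subject = rate_limit_subject($caller, $request_client, $roles);
    if ($subject !== null) {
        $used[$subject]++;
    }
}
print_r($used);
```

Passing false as the fourth argument selects the other option the issue leaves open, charging direct audit-server requests to the audit client itself.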