-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
1
-
Issue Summary
Rate limiting does not work for Cookie based authorization
This is reproducible on Data Center: Yes
Steps to Reproduce
- Enable rate limiting
- Enable Cookie based authorization
- We will observe that Jira is not blocking the request if it breaches the limit
Expected Results
We can see the calls are getting blocked when it uses the basic authentication but if the code is using cookie-based authentication then it's getting bypassed from Rate Limiting.
Workaround
Using personal access token: PAT
- is duplicated by
-
JRASERVER-76021 Using the Jira Python library to make REST API calls with cookie auth bypasses Jira rate limiting
- Needs Triage
- relates to
-
JRASERVER-76876 Rate limiting should be able to extract the username before authenticating when personal access token is used
- Gathering Interest