Loading...

XML

Word

Printable

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: Security
Labels:
None

UIS:
1
Feedback Policy:

We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Issue Summary

Rate limiting does not work for Cookie based authorization

This is reproducible on Data Center: Yes

Steps to Reproduce

Enable rate limiting
Enable Cookie based authorization
We will observe that Jira is not blocking the request if it breaches the limit

Expected Results

We can see the calls are getting blocked when it uses the basic authentication but if the code is using cookie-based authentication then it's getting bypassed from Rate Limiting.

Workaround

Using personal access token: PAT

is duplicated by

JRASERVER-76021 Using the Jira Python library to make REST API calls with cookie auth bypasses Jira rate limiting

Needs Triage

relates to

JRASERVER-76876 Rate limiting should be able to extract the username before authenticating when personal access token is used

Gathering Interest

Assignee:: Unassigned

Reporter:: Arijit Banerjee

Votes:: 3 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 12/Sep/2022 11:12 AM

Updated:: 25/May/2024 2:26 AM

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Workaround

Attachments

Issue Links

Activity

People

Dates