Uploaded image for project: 'Jira Software Data Center'
  1. Jira Software Data Center
  2. JSWSERVER-21473

Rate limiting does not work for Cookie based authorization

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Unresolved
    • None
    • Security
    • None
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      Issue Summary

      Rate limiting does not work for Cookie based authorization

       

      This is reproducible on Data Center: Yes

      Steps to Reproduce

      1. Enable rate limiting
      2. Enable Cookie based authorization
      3. We will observe that Jira is not blocking the request if it breaches the limit 

      Expected Results

      We can see the calls are getting blocked when it uses the basic authentication but if the code is using cookie-based authentication then it's getting bypassed from Rate Limiting.

      Workaround

      Using personal access token: PAT

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-76021 Using the Jira Python library to make REST API calls with cookie auth bypasses Jira rate limiting

          • Medium - Medium priority issues
          • Needs Triage
          relates to

          Suggestion - JRASERVER-76876 Rate limiting should be able to extract the username before authenticating when personal access token is used

          • Gathering Interest

          Activity

            People

              Unassigned Unassigned
              7fa5e2b9af91 Arijit Banerjee
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: