hitting users.getAvatar endpoint still subject to rate limiting even after disabling #13462
Comments
|
@Galatoni I did the flow that you described and I'm not be able to simulate this error. The only thing different that I noticed is the error status if it is an error caused by rate limiter is |
|
@MarcosSpessatto I'm not a developer for the project or anything, but i'll post some screenshots of how it's set up on our project:
The user thats interacting with the interface we're using is making requests against the Spotlight search endpoint, then using the users.getAvatar endpoint to get ... well the avatar for that user. After making repeat requests (which causes the interface to refresh frequently - causing more avatar requests) eventually we end up with 400's. I'm not saying your fixes don't fix the endpoint limits, that's fine. They look like they should. What I am saying is, with the above settings set, there shouldn't be any limits to speak of surely? Now. What appears to be happening with your changes (feel free to correct me), but it's requesting a rebuild of the rules associated with limits. But even if I restart our server, the settings still aren't being applied, which your changes are now doing without a restart being required? |
Yes, with this permission granted to these users, yes, the rate limiter should be bypassed.
Yes, you are right. My changes just do it that you said. I'll try to simulate this error again, this issue occurs only with this specific endpoint? Or with another ones too? |
|
The only one i've reliably replicated this on was the users.getAvatar one. However, i've seen a number of issues regarding the users.X section in its entirety might be having issues. |
|
@Galatoni can you please did another test? I'd like to see if you can disable the DDPRate Limiter and test again, just to make sure that the DDPRate Limiter does not affect the REST API Rate Limiter. |
|
Ha. I'm not at my computer again until tomorrow. I'll gladly help though. Do you mind posting specific instructions to ensure I get it right? I'm not sure what you mean by DDPRate limiter for starters ;) |
|
@Galatoni no worries, the DDP rate limiter apply rate limiter for the connections over DDP protocol(which is used too). Under the |
|
@MarcosSpessatto Worth noting that (as above) after setting both of the other settings to "0" and restarting the server. The settings seemed to take effect and then this worked as expected. As a work around, this should allow me to continue. |
|
@Galatoni I'll close this issue since we talked about this problem via DM, if the problem persists, feel free to reopen. |
Description:
After upgrade to 0.74.0 even after setting the permissions for 'api-bypass-rate-limit' and switching the dev radio button in the General -> REST API section to turn off the rate limiter, the endpoint for users.getAvatar still rate limits.
Steps to reproduce:
Expected behavior:
I expect the rate limiter to not apply and to allow me to make calls to the endpoint unimpeded.
Actual behavior:
400 error with following payload:
error: "Error, too many requests. Please slow down. You must wait 32 seconds before trying this endpoint again. [error-too-many-requests]" errorType: "error-too-many-requests" success: falseServer Setup Information:
The text was updated successfully, but these errors were encountered: