fix(ReferenceApiController): Bump rate limit for public resolve endpoint #49801
Conversation
E.g. text documents might contain hundreds of links whose previews need to get loaded. Fixes: nextcloud/collectives#1607 Signed-off-by: Jonas <[email protected]>
|
/backport to stable30 |
| @@ -128,7 +128,7 @@ public function resolveOne(string $reference): DataResponse { | |||
| */ | |||
| #[ApiRoute(verb: 'GET', url: '/resolvePublic', root: '/references')] | |||
| #[PublicPage] | |||
| #[AnonRateLimit(limit: 10, period: 120)] | |||
| #[AnonRateLimit(limit: 200, period: 120)] | |||
There was a problem hiding this comment.
| #[AnonRateLimit(limit: 200, period: 120)] | |
| #[AnonRateLimit(limit: 200, period: 3600)] |
There was a problem hiding this comment.
That would mean that only 200 requests are allowed in 3600 seconds, which means 60 minutes, no? So reloading a document with 150 previews once would already hit the rate limit. Given that we cache the references internally I would prefer a shorter period.
There was a problem hiding this comment.
I think the tricky part is that we do not cache invalid responses, so you can still issue a lot more requests, though I find it hard to come up with a reasonable amount there.
We could also think about doing lazy loading on the frontend side there as an additional step to only fetch the ones that are visible in the browsers viewport, but even with that 10 in 120 seconds might be to low for examples like the one shared in the collectives ticket.
E.g. text documents might contain hundreds of links whose previews need to get loaded.
Fixes: nextcloud/collectives#1607
Checklist