prism

mirror of https://github.com/lone-cloud/prism synced 2026-06-03 19:54:44 -07:00

History

lone-cloud 37d745703c security: remove RealIP middleware, tighten rate limiter defaults - remove chi middleware.RealIP; deprecated in chi v5.3.0 due to IP spoofing vulnerabilities (GHSA-3fxj-6jh8-hvhx, GHSA-rjr7-jggh-pgcp, GHSA-9g5q-2w5x-hmxf) - lower default RATE_LIMIT from 100 to 20 req/s per IP - support RATE_LIMIT=0 to disable rate limiting entirely (for deployments behind a remote reverse proxy with its own rate limiting) - fix incorrect .env.example comment (was 'per 15 minute window', is per second)	2026-05-23 18:37:55 -07:00
..
config.go	security: remove RealIP middleware, tighten rate limiter defaults	2026-05-23 18:37:55 -07:00

security: remove RealIP middleware, tighten rate limiter defaults

- remove chi middleware.RealIP; deprecated in chi v5.3.0 due to IP spoofing
  vulnerabilities (GHSA-3fxj-6jh8-hvhx, GHSA-rjr7-jggh-pgcp, GHSA-9g5q-2w5x-hmxf)
- lower default RATE_LIMIT from 100 to 20 req/s per IP
- support RATE_LIMIT=0 to disable rate limiting entirely (for deployments behind
  a remote reverse proxy with its own rate limiting)
- fix incorrect .env.example comment (was 'per 15 minute window', is per second)

2026-05-23 18:37:55 -07:00

config.go

security: remove RealIP middleware, tighten rate limiter defaults

2026-05-23 18:37:55 -07:00