Baroshem / nuxt-security

🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware
https://nuxt-security.vercel.app/
MIT License
782 stars 57 forks

Spoofing IP to get around rate limiter is possible #196

Open harlan-zw opened 1 year ago

harlan-zw commented 1 year ago

Version

latest

Reproduction Link

https://stackblitz.com/edit/nuxt-starter-39vmtc?file=nuxt.config.ts

Fixed by https://github.com/unjs/h3/issues/504

This will only affect a subset of hosts.

Baroshem commented 1 year ago

Hey @harlan-zw

Thanks for this issue! I will take a look at it once I am back from holidays :)

Baroshem commented 1 year ago

I will work on updating this once https://github.com/unjs/h3/issues/504 is merged

Baroshem commented 6 months ago

Hey @harlan-zw

Any news here?

harlan-zw commented 6 months ago

It's an upstream issue, not sure if the module can solve it. Feel free to close