Open make-github-pseudonymous-again opened 1 month ago
Might help to add --full-app
tests for token generation/revocation and/or api/ics
route tests that check that the requestor IP address is correctly forwarded.
Shower thought: could it be that this does not work because HTTP_FORWARDED_COUNT
is a string
and not a number?!
Maybe this has to be configured for Meteor's router, or maybe this is incorrectly applied twice.
This currently does not work in
api/healthcheck
andapi/ics
. The consequence is that all requests fall in the same rate-limiting bucket, which is a UX concern as soon as we have more than one user.See: