security concern: no rate limit on Resend confirmation email
(sorry that I couldn't find a desirable template)
Right now, there is no rate limit on how many confirmation emails can be sent. For example, I can go to gitlab.com/profile/emails, add a random email, and click on resend confirmation email numerous times. This could allow an attacker to perform a denial-of-service attack on the web server.
I noticed that GitLab has https://docs.gitlab.com/ee/user/admin_area/settings/rate_limits_on_raw_endpoints.html and https://docs.gitlab.com/ee/user/admin_area/settings/user_and_ip_rate_limits.html, both to rate limit requests. The first doc seems to be on a per-project basis, not applying to my use case here. The second doc seems to block any request to GitLab if the limit is hit, whereas I would simply want the resend confirmation email functionality to be disabled.
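
One way to get the behaviour requested above, as an added example (not part of the original issue and not GitLab's code): a limiter scoped to a single action and user, so only the resend is refused once the limit is hit while every other request still goes through. The class and method names, the threshold of 3 per 10 minutes and the in-memory store are assumptions for illustration.

```ruby
# Added example; all names and limits are hypothetical, not GitLab code.
# Hits are kept in process memory; a multi-process deployment would need
# a shared store instead (assumption, not shown here).
class ActionRateLimiter
  # limits: { action => { threshold: max hits, interval: window in seconds } }
  def initialize(limits, clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @limits = limits
    @clock = clock
    @hits = Hash.new { |hash, key| hash[key] = [] }
    @mutex = Mutex.new
  end

  # Records one attempt for (action, scope). Returns true when the attempt
  # exceeds the limit and must be refused. Actions without a configured
  # limit are never throttled, so the rest of the site keeps working.
  def throttled?(action, scope)
    limit = @limits[action]
    return false unless limit

    now = @clock.call
    @mutex.synchronize do
      window = @hits[[action, scope]]
      window.reject! { |at| at <= now - limit[:interval] } # drop expired hits
      next true if window.size >= limit[:threshold]
      window << now
      false
    end
  end
end

# Constructed policy: 3 resends per user per 10 minutes.
RESEND_LIMITER = ActionRateLimiter.new({ resend_confirmation: { threshold: 3, interval: 600 } })

# Stand-in for the request handler; `mailer` is a placeholder for delivery.
# Returns [HTTP status, message].
def resend_confirmation(user_id, email, limiter: RESEND_LIMITER, mailer: ->(_addr) {})
  if limiter.throttled?(:resend_confirmation, user_id)
    return [429, "Too many confirmation emails requested, try again later"]
  end

  mailer.call(email)
  [200, "Confirmation email sent to #{email}"]
end
```

Refused attempts are not added to the window, so a user who waits out the interval can resend again.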