Enforce rate limit per IP on /users/:username/exists
What does this MR do and why?
This MR enforces a rate limit per IP address on the /users/:username/exists
internal API endpoint, used by the registration to perform a client-side validation of the uniqueness of the chosen username. This is to mitigate attempts to misuse the endpoint, for example to mass-discover usernames in use. It refers to #29040 (closed)
Rollout issue for the feature flag: #348974 (closed)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Magdalena Frankiewicz