mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-12-01 22:14:06 +03:00
Throttles now use HTTP_X_FORWARDED_FOR, falling back to REMOTE_ADDR to identify anonymous requests
This commit is contained in:
parent
711fb9761c
commit
2d5e14a8d3
|
@ -152,7 +152,9 @@ class AnonRateThrottle(SimpleRateThrottle):
|
||||||
if request.user.is_authenticated():
|
if request.user.is_authenticated():
|
||||||
return None # Only throttle unauthenticated requests.
|
return None # Only throttle unauthenticated requests.
|
||||||
|
|
||||||
ident = request.META.get('REMOTE_ADDR', None)
|
ident = request.META.get('HTTP_X_FORWARDED_FOR')
|
||||||
|
if ident is None:
|
||||||
|
ident = request.META.get('REMOTE_ADDR')
|
||||||
|
|
||||||
return self.cache_format % {
|
return self.cache_format % {
|
||||||
'scope': self.scope,
|
'scope': self.scope,
|
||||||
|
|
Loading…
Reference in New Issue
Block a user