mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-29 13:04:03 +03:00
Throttles now use HTTP_X_FORWARDED_FOR, falling back to REMOTE_ADDR to identify anonymous requests
This commit is contained in:
parent
711fb9761c
commit
2d5e14a8d3
|
@ -152,7 +152,9 @@ class AnonRateThrottle(SimpleRateThrottle):
|
|||
if request.user.is_authenticated():
|
||||
return None # Only throttle unauthenticated requests.
|
||||
|
||||
ident = request.META.get('REMOTE_ADDR', None)
|
||||
ident = request.META.get('HTTP_X_FORWARDED_FOR')
|
||||
if ident is None:
|
||||
ident = request.META.get('REMOTE_ADDR')
|
||||
|
||||
return self.cache_format % {
|
||||
'scope': self.scope,
|
||||
|
|
Loading…
Reference in New Issue
Block a user