Block hotlinking to repository archives
Adds some header detection to help prevent DDOS attempts on the repository archive endpoint. Introduced as a concern so it can be utilised elsewhere if needed. Now uses built-in Rails header parser and doesn't block legimate Sec-Fetch-Mode headers. Adds support for hotlinking interception on the API as well, refactors most of the system out into a new class to cover both Rails and Grape.
Showing
Please register or sign in to comment