This is an automated email from the ASF dual-hosted git repository. beto pushed a commit to branch fix_dos in repository https://gitbox.apache.org/repos/asf/superset.git
commit 50dabf39941402a72cae7c50a15ab4b4eaee4433 Author: Beto Dealmeida <[email protected]> AuthorDate: Thu Jun 1 15:57:36 2023 -0700 chore: rate limit requests --- superset/config.py | 6 ++++++ superset/models/dashboard.py | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/superset/config.py b/superset/config.py index 75fda6eb37..d430273008 100644 --- a/superset/config.py +++ b/superset/config.py @@ -266,6 +266,12 @@ PROXY_FIX_CONFIG = {"x_for": 1, "x_proto": 1, "x_host": 1, "x_port": 1, "x_prefi # Configuration for scheduling queries from SQL Lab. SCHEDULED_QUERIES: dict[str, Any] = {} +# Rate limiting +RATELIMIT_ENABLED = True +AUTH_RATE_LIMITED = True +AUTH_RATE_LIMIT = "2 per 5 second" +RATELIMIT_APPLICATION = "50 per second" + # ------------------------------ # GLOBALS FOR APP Builder # ------------------------------ diff --git a/superset/models/dashboard.py b/superset/models/dashboard.py index 719a6df8e4..5159fa873b 100644 --- a/superset/models/dashboard.py +++ b/superset/models/dashboard.py @@ -377,7 +377,7 @@ class Dashboard(Model, AuditMixinNullable, ImportExportMixin): ) -> str: copied_dashboards = [] datasource_ids = set() - for dashboard_id in dashboard_ids: + for dashboard_id in set(dashboard_ids): # make sure that dashboard_id is an integer dashboard_id = int(dashboard_id) dashboard = (
