Proxy frontend API requests through Nuxt #3473

Open
@sarayourfriend

Problem

Our approach to anonymous rate limiting inadvertently affects single IP address institutions like schools and libraries. In these cases, all users on their networks are rate limited as a single user. We've observed this happening especially when the referrer is openverse.org, meaning these are likely to be regular frontend users getting rate limited.

Description

The Openverse frontend should proxy API requests and forward the SSR server's API key with requests. This would prevent anonymous rate limiting applying to API requests from the frontend and would allow us to safely turn anonymous rate limiting back on in the API.

If it's quick to do, using a CSRF token + cookie combination would make this slightly more resilient to attacks, but we can do that in a follow-up PR if it's too complex to implement right away.

Documents

Due to the small size of this project, a project plan can be skipped and only an implementation plan should be necessary.

Issues

Prior Art
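
One way the proxy described in this issue could check a CSRF token + cookie pair and attach the server's API key, as an added example that is not Openverse code. The cookie and header names, the `Bearer` scheme and every function name here are assumptions.

```javascript
// Added example (not project code). All names below are hypothetical.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const CSRF_COOKIE = "csrf_token";   // assumed cookie name
const CSRF_HEADER = "x-csrf-token"; // assumed header name (lowercased, as Node delivers it)

// Token set as a cookie on page load; frontend JS echoes it back in the header.
function issueCsrfToken() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

function parseCookies(header = "") {
  const out = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Compare without exiting early on the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Double-submit check: cookie value and header value must both exist and match.
function csrfOk(headers) {
  const cookie = parseCookies(headers.cookie)[CSRF_COOKIE];
  return Boolean(cookie) && constantTimeEqual(cookie, headers[CSRF_HEADER]);
}

// Returns the headers to send upstream, or null when the caller should answer 403.
// Only allowlisted client headers pass through; a client-sent Authorization value,
// the cookies and the CSRF header are dropped, so the key always comes from the server.
function buildUpstreamHeaders(clientHeaders, apiKey) {
  if (!csrfOk(clientHeaders)) return null;
  return {
    accept: clientHeaders.accept ?? "application/json",
    authorization: `Bearer ${apiKey}`, // assumed auth scheme
  };
}
```

The API key would be read from server-side configuration only and never placed in the client bundle or in a response body.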

Metadata

Assignees

Labels

✨ goal: improvement (Improvement to an existing user-facing feature)
💻 aspect: code (Concerns the software code in the repository)
🧭 project: thread (An issue used to track a project and its progress)
🧱 stack: frontend (Related to the Nuxt frontend)

Type

No type

Projects

Status

🚀 In Kickoff

Status

🏗 In Progress

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests