
Exclude 404 responses from rate-limit counter #272

Merged: runleveldev merged 2 commits into main from copilot/fix-safari-icon-rate-limit on Apr 1, 2026


Copilot AI commented Apr 1, 2026

Safari auto-requests /apple-touch-icon.png, /apple-touch-icon-precomposed.png, and /favicon.ico on every page load. These 404s were counted against the 10-failure-per-5-min rate limit, exhausting the budget before any real interaction and triggering 429s on legitimate requests.

Change

Added requestWasSuccessful to the RateLimit config so 404s are treated as non-failures and skipped — only actionable errors (401, 403, 5xx, etc.) consume rate-limit budget.

app.use(RateLimit({
  windowMs: 5 * 60 * 1000,
  max: 10,
  skipSuccessfulRequests: true,
  requestWasSuccessful: (req, res) => res.statusCode < 400 || res.statusCode === 404,
}));


…icon requests from triggering early rate-limit

Agent-Logs-Url: https://github.com/mieweb/opensource-server/sessions/3fa31644-1044-4dfe-aa2d-e111bc78b3f0

Co-authored-by: runleveldev <44057501+runleveldev@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Fix early rate-limit trigger for Safari icon requests" to "Exclude 404 responses from rate-limit counter" Apr 1, 2026
Copilot AI requested a review from runleveldev April 1, 2026 22:22
@runleveldev runleveldev marked this pull request as ready for review April 1, 2026 22:26

@cmyers-mieweb cmyers-mieweb left a comment

LGTM

@runleveldev runleveldev merged commit d150cf6 into main Apr 1, 2026
5 checks passed
@runleveldev runleveldev deleted the copilot/fix-safari-icon-rate-limit branch April 1, 2026 22:28
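
The effect of the predicate change discussed in this pull request, as an added example that is not code from the PR or the project: a simplified in-memory model of a failure-only counter (not express-rate-limit itself) run over constructed traffic. `simulate`, `count429`, `scopedPredicate` and the sample requests are assumptions; `scopedPredicate` is a hypothetical narrower variant that exempts 404s only for the three icon paths named in the description.

```javascript
// Simplified model of a failure-only limiter (skipSuccessfulRequests: true):
// a request is answered with 429 once `max` failures are already on record in
// the window, and a served response is recorded only if the predicate calls it
// a failure. Assumption: one client, one window, no expiry.
function simulate(requests, requestWasSuccessful, max = 10) {
  let failures = 0;
  return requests.map((req) => {
    if (failures >= max) return 429;
    const res = { statusCode: req.status };
    if (!requestWasSuccessful(req, res)) failures += 1;
    return res.statusCode;
  });
}

// Behaviour before the PR: every status >= 400 consumes budget.
const defaultPredicate = (req, res) => res.statusCode < 400;
// Predicate from the PR: any 404 is treated as a non-failure.
const prPredicate = (req, res) => res.statusCode < 400 || res.statusCode === 404;
// Hypothetical narrower variant: only 404s for the browser icon paths are exempt.
const ICON_PATHS = new Set([
  '/apple-touch-icon.png',
  '/apple-touch-icon-precomposed.png',
  '/favicon.ico',
]);
const scopedPredicate = (req, res) =>
  res.statusCode < 400 || (res.statusCode === 404 && ICON_PATHS.has(req.path));

// Constructed traffic: 4 Safari page loads (one 200 plus three icon 404s each),
// followed by one legitimate request.
const browsing = [];
for (let i = 0; i < 4; i++) {
  browsing.push({ path: '/', status: 200 });
  for (const p of ICON_PATHS) browsing.push({ path: p, status: 404 });
}
browsing.push({ path: '/dashboard', status: 200 });

// Constructed traffic: 12 requests for paths that do not exist.
const missing = Array.from({ length: 12 }, (_, i) => ({ path: `/missing-${i}`, status: 404 }));

function count429(requests, predicate) {
  return simulate(requests, predicate).filter((s) => s === 429).length;
}

for (const [name, p] of Object.entries({ defaultPredicate, prPredicate, scopedPredicate })) {
  console.log(name, 'browsing 429s:', count429(browsing, p), 'missing 429s:', count429(missing, p));
}
```

In this model the PR's predicate stops the icon requests from exhausting the budget but also leaves every other 404 uncounted, while the path-scoped variant keeps non-icon 404s in the budget.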

Successfully merging this pull request may close these issues.

Safari icon requests trigger early rate-limit
