Added support for the importExportRateLimiting setting, and Access-Control-Allow-Origin header added. Fixed the export of readonly pads. #142
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As mentioned several times (#9, #30, #139), in order to use ep_markdown through the Etherpad API, we need to add the CORS headers to the request. The problem with only doing that, if I understood well, is that it exposes the server to DDOS attacks.
In order to circumvent the problem, the other import/export functionalities of Etherpad are capped through a variable set in the
settings.json
file:importExportRateLimiting
. The implementation of this setting is done in theimportexport.ts
file of etherpad-lite.This PR aims at implementing this limiter alongside the CORS headers, in order to be able to use the export function of ep_markdown through the API.