Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PUT /state is rate limited against spec #17188

Closed
ajbura opened this issue May 14, 2024 · 1 comment
Closed

PUT /state is rate limited against spec #17188

ajbura opened this issue May 14, 2024 · 1 comment

Comments

@ajbura
Copy link

ajbura commented May 14, 2024

Description

sending many state event by client results in getting rate limited by server. This breaks the client experience when adding existing rooms in space or re-ordering space children.

Spec https://spec.matrix.org/v1.9/client-server-api/#put_matrixclientv3roomsroomidstateeventtypestatekey says that this endpoint is not rate limited.

Steps to reproduce

  • create a space
  • open add existing room panel (cinny, or element if it has this feature)
  • select 20+ rooms to add
  • open browser dev tool network panel
  • press add button
  • results in some room not added in space their request are rate limited

Homeserver

matrix.org

Synapse Version

1.107.0rc1 (b=matrix-org-hotfixes,cef3519e96)

Installation Method

Docker (matrixdotorg/synapse)

Database

NIL

Workers

Single process

Platform

NIL

Configuration

No response

Relevant log output

rate limited requests response

status code: 429
errcode: M_LIMIT_EXCEEDED
error: Too Many Requests

Anything else that would be useful to know?

NIL
@ajbura ajbura changed the title PUT /state is rate limted against spec PUT /state is rate limited against spec May 14, 2024
@kfiven kfiven mentioned this issue May 14, 2024
Closed
3 tasks
@erikjohnston
Copy link
Member

Hi, the spec only has a recommendation of whether or not an endpoint is ratelimited, and in general defaults to "no" for all endpoints. This is a large source of confusion, as servers have to be able to ratelimit endpoints as they see fit (to mitigate abuse). c.f. matrix-org/matrix-spec#584 for a spec issue on this.

We've seen people try and abuse /state/ etc in the wild, so we're not going to remove the ratelimiting.

@erikjohnston erikjohnston closed this as not planned Won't fix, can't repro, duplicate, stale May 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove ratelimit from rooms /state, /redact and /send kfiven/synapse
2 participants
@erikjohnston @ajbura