[openstreetmap/openstreetmap-website] Return an error when a disabled authentication mechanism is used (PR #4496)

[mmd]

> Operationally to deal with the cgimap issues we could force anything with a basic auth header into rails instead of cgimap during the brownouts so they get the better error

I'm not sure this is really needed. Let's take a look at the different scenarios.

Out of the four endpoints to do changes on the database, only the changeset upload is handled by CGImap. As soon as there are no open changesets left anymore, they're stuck with the changeset create on Rails. The error message on Rails would suffice in this case.

The user based rate limiting for various fetch element endpoints is implemented on CGImap only. I suppose if we're diverting these calls to Rails, it would not trigger an error there.

If we want to make users aware that their rate limiting isn't working anymore, this would have to be done on Apache or CGImap then?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4496#issuecomment-1962898828
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/pull/4496/c1962898828 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20240225/e8e330ca/attachment.htm>