Open
https://github.com/TecharoHQ/anubis/blob/main/lib/anubis.go#L227-L232:
```go
if policyRule != rule.Hash() {
	lg.Debug("user originally passed with a different rule, issuing new challenge", "old", policyRule, "new", rule.Name)
	s.ClearCookie(w, CookieOpts{Path: cookiePath, Host: r.Host})
	s.RenderIndex(w, r, rule, httpStatusOnly)
	return
}
```
I think this is undesirable, or at least unexpected, behavior not indicated in the documentation.
#576 is the source of the breaking change. The stated intention was to deal with different challenge "levels" (difficulty and/or algorithm?), but the code fires even if the challenge levels between "old" and "new" policies are the same. I have not customized difficulty or algorithm on a per-policy basis, so all my rules use the same "level".
Thanks!
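The difference described in this issue, as an added example that is not part of the original report and is not Anubis code: a pass bound to the rule's identity is invalidated whenever a request matches another rule, while a pass bound to the challenge settings is invalidated only when those settings differ. `Rule`, `Pass`, `Level`, `Issue` and both `Rechallenge*` functions are hypothetical names, the rule hash is assumed to cover only the rule name, and the sample rules are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Rule is a hypothetical stand-in for a policy rule, not Anubis's own type.
type Rule struct {
	Name       string
	Algorithm  string
	Difficulty int
}

// Hash identifies the rule itself (assumed here to cover only the name), so
// two rules with identical challenge settings still hash differently.
func (r Rule) Hash() string {
	sum := sha256.Sum256([]byte(r.Name))
	return hex.EncodeToString(sum[:])
}

// Level identifies only the challenge settings the client had to satisfy.
func (r Rule) Level() string { return fmt.Sprintf("%s/%d", r.Algorithm, r.Difficulty) }

// Pass is what a hypothetical cookie records once a challenge is solved.
type Pass struct{ RuleHash, Level string }

// Issue creates the pass for a client that solved the challenge of rule r.
func Issue(r Rule) Pass { return Pass{RuleHash: r.Hash(), Level: r.Level()} }

// RechallengeByHash mirrors the comparison quoted in the issue.
func RechallengeByHash(p Pass, current Rule) bool { return p.RuleHash != current.Hash() }

// RechallengeByLevel re-challenges only when difficulty or algorithm differ.
func RechallengeByLevel(p Pass, current Rule) bool { return p.Level != current.Level() }

func main() {
	// Constructed sample rules: two share a level, one is stricter.
	a := Rule{Name: "bots-a", Algorithm: "fast", Difficulty: 4}
	b := Rule{Name: "bots-b", Algorithm: "fast", Difficulty: 4}
	c := Rule{Name: "strict", Algorithm: "fast", Difficulty: 6}
	p := Issue(a)
	fmt.Println("same level:  ", RechallengeByHash(p, b), RechallengeByLevel(p, b))
	fmt.Println("harder level:", RechallengeByHash(p, c), RechallengeByLevel(p, c))
}
```

In both variants a pass earned under the weaker rule is rejected when the request matches the stricter rule, so the level comparison keeps that protection.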