Skip to content

[4.x] Add rate limiting to guest entry endpoints#99

Merged
duncanmcclean merged 1 commit into4.xfrom
rate-limits
Apr 24, 2026
Merged

[4.x] Add rate limiting to guest entry endpoints#99
duncanmcclean merged 1 commit into4.xfrom
rate-limits

Conversation

@duncanmcclean
Copy link
Copy Markdown
Owner

@duncanmcclean duncanmcclean commented Apr 24, 2026

This pull request adds rate limiting to all guest entry endpoints (store, update, and destroy), matching the approach taken in statamic/cms#14475.

A named guest-entries rate limiter is registered in the service provider, defaulting to 10 requests per minute per IP. The throttle:guest-entries middleware is applied to the action routes group.

The rate limiter can be overridden in your AppServiceProvider:

RateLimiter::for('guest-entries', function (Request $request) {
    return Limit::perMinute(5)->by($request->ip());
});

Related: statamic/cms#14475

@duncanmcclean @claude
Add rate limiting to guest entry endpoints
e2a61a5 
Registers a named `guest-entries` rate limiter (10 requests/min per IP)
and applies it to all action routes. Developers can override the limiter
in their AppServiceProvider.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@duncanmcclean duncanmcclean merged commit 8d4afae into 4.x Apr 24, 2026
19 of 20 checks passed
@duncanmcclean duncanmcclean deleted the rate-limits branch April 24, 2026 14:13
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 24, 2026

Released as part of v4.6.0.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 24, 2026

Released as part of v5.2.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@duncanmcclean