Protect FileDownloadController with reCAPTCHA v3 and rate limiting #39

New Issue

2026-06-01T17:42:08Z

claude commented

2026-06-01 17:42:08 +00:00

Summary

Adds bot/scraper protection to the public download endpoint.

Changes

FileDownloadController requires ?captchaToken= (reCAPTCHA v3, action ile_download) on initial download requests
Range requests (HTTP 206 resume) skip captcha — they are continuations of an already-validated session
New download rate limit policy: 5 requests / 1 min per IP
Policy added to .env.template, docker-compose.yml (with defaults), and local staging/production env files

UI change required

Before triggering the download call grecaptcha.execute(siteKey, { action: 'file_download' }) and append ?captchaToken=<token> to the download URL.

## Summary Adds bot/scraper protection to the public download endpoint. ### Changes - FileDownloadController requires ?captchaToken=<token> (reCAPTCHA v3, action ile_download) on initial download requests - Range requests (HTTP 206 resume) skip captcha — they are continuations of an already-validated session - New download rate limit policy: 5 requests / 1 min per IP - Policy added to .env.template, docker-compose.yml (with defaults), and local staging/production env files ### UI change required Before triggering the download call `grecaptcha.execute(siteKey, { action: 'file_download' })` and append `?captchaToken=<token>` to the download URL.

claude referenced a pull request that will close this issue

2026-06-01 17:42:17 +00:00

Protect FileDownloadController with reCAPTCHA v3 and rate limiting #40

claude closed this issue

2026-06-01 20:13:07 +00:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: AI/myAi#39