rape
This commit is contained in:
@@ -120,8 +120,15 @@ VITE_STATIC_DATA=false
|
||||
VITE_SITE_GATE=false
|
||||
API_RATE_LIMIT_WINDOW_MS=60000
|
||||
API_RATE_LIMIT_MAX=120
|
||||
SITE_SESSION_SECRET=long-random-shared-secret
|
||||
SITE_SESSION_TTL_SECONDS=43200
|
||||
```
|
||||
|
||||
HTML responses set a signed, HttpOnly site-session cookie. `/api/*` and `/data/*`
|
||||
requests must present that cookie and same-origin browser request metadata, so the
|
||||
data is served to active site sessions instead of as an open public API. All PM2
|
||||
web instances must share the same `SITE_SESSION_SECRET`.
|
||||
|
||||
On startup, the web server preloads the critical public snapshots before
|
||||
signalling PM2 `ready`: team leaderboard, player leaderboard, home teams, and
|
||||
recent games. `/health` includes a `public_data` block with the latest preload
|
||||
|
||||
Reference in New Issue
Block a user