From aeb30afbcea604fc2c0a0b88900fa17c720cf5d0 Mon Sep 17 00:00:00 2001
From: Kyle Pope <kyle.a.pope@outlook.com>
Date: Thu, 5 Mar 2026 21:31:28 +0800
Subject: [PATCH] Fix nginx rate limit blocking accept: exact match for send
 request location
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

location /api/connections/request was a prefix match, unintentionally
rate-limiting /api/connections/requests/incoming, /outgoing, and
/requests/{id}/respond at 3r/m. This caused the accept button on toast
notifications to get 429'd when clicked immediately — the incoming
requests poll + outgoing poll had already exhausted the rate limit.

Changed to exact match (= /api/connections/request) so only the send
endpoint is rate-limited, not the entire /requests/* tree.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 frontend/nginx.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/frontend/nginx.conf b/frontend/nginx.conf
index c15d713..52429a0 100644
--- a/frontend/nginx.conf
+++ b/frontend/nginx.conf
@@ -92,8 +92,8 @@ server {
         include /etc/nginx/proxy-params.conf;
     }
 
-    # Connection request — rate-limited to prevent spam
-    location /api/connections/request {
+    # Connection request (send) — exact match to avoid catching /requests/*
+    location = /api/connections/request {
         limit_req zone=conn_request_limit burst=3 nodelay;
         limit_req_status 429;
         include /etc/nginx/proxy-params.conf;