From 2b96324c311d140b0a5285e1cab98f2d1106f7cd Mon Sep 17 00:00:00 2001
From: Sagar Vora <sagar@resilient.tech>
Date: Sat, 5 Aug 2023 17:02:55 +0000
Subject: [PATCH] fix: rate limit for all HTTP methods (#21929)

---
 frappe/core/doctype/user/user.py            | 2 +-
 frappe/website/doctype/web_form/web_form.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/frappe/core/doctype/user/user.py b/frappe/core/doctype/user/user.py
index b1f8777777..3a4fa12e91 100644
--- a/frappe/core/doctype/user/user.py
+++ b/frappe/core/doctype/user/user.py
@@ -1010,7 +1010,7 @@ def sign_up(email: str, full_name: str, redirect_to: str) -> tuple[int, str]:
 
 
 @frappe.whitelist(allow_guest=True)
-@rate_limit(limit=get_password_reset_limit, seconds=24 * 60 * 60, methods=["POST"])
+@rate_limit(limit=get_password_reset_limit, seconds=24 * 60 * 60)
 def reset_password(user: str) -> str:
 	if user == "Administrator":
 		return "not allowed"
diff --git a/frappe/website/doctype/web_form/web_form.py b/frappe/website/doctype/web_form/web_form.py
index 619692cc1d..0a2be0c1b8 100644
--- a/frappe/website/doctype/web_form/web_form.py
+++ b/frappe/website/doctype/web_form/web_form.py
@@ -429,7 +429,7 @@ def get_web_form_module(doc):
 
 
 @frappe.whitelist(allow_guest=True)
-@rate_limit(key="web_form", limit=5, seconds=60, methods=["POST"])
+@rate_limit(key="web_form", limit=5, seconds=60)
 def accept(web_form, data):
 	"""Save the web form"""
 	data = frappe._dict(json.loads(data))