Skip to content

fix: RouteConfig default overrides global enable_penetration_detection=False #73

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
MihaiStreames wants to merge 1 commit into from
Closed

fix: RouteConfig default overrides global enable_penetration_detection=False #73

MihaiStreames wants to merge 1 commit into from

Conversation

@MihaiStreames
Copy link

@MihaiStreames MihaiStreames commented Feb 6, 2026

Fixes #72

Problem

RouteConfig.__init__ hardcodes enable_suspicious_detection = True. When _get_effective_penetration_setting() encounters any RouteConfig (even the default one), it unconditionally overrides the global SecurityConfig.enable_penetration_detection setting. This means setting enable_penetration_detection=False has no effect when a RouteConfig is present on the request.

Fix

  1. Changed RouteConfig.enable_suspicious_detection default from True to None
  2. Added a None check in _get_effective_penetration_setting() so route-level config only takes effect when explicitly set via decorators

Decorator-created route configs still work correctly because _ensure_route_config() explicitly sets enable_suspicious_detection from config.enable_penetration_detection.

@MihaiStreames
fix: RouteConfig.enable_suspicious_detection default overrides global…
d731c31 
… enable_penetration_detection=False

RouteConfig.__init__ hardcoded enable_suspicious_detection=True, which
unconditionally overrode the global SecurityConfig.enable_penetration_detection
in _get_effective_penetration_setting(). This meant setting
enable_penetration_detection=False had no effect when a RouteConfig was present.

Changed the default to None and added a None check so route-level config only
overrides the global setting when explicitly set via decorators.

Fixes rennf93#72
@rennf93 rennf93 self-assigned this Feb 7, 2026
@rennf93
Copy link
Owner

rennf93 commented Feb 7, 2026

Hi @MihaiStreames

Thanks for the PR!

As I explained in #72 , this isn't actually a bug. The decorator system already handles the sync via _ensure_route_config(). The reproduction in the issue bypasses the library's API by directly instantiating RouteConfig() and calling a private function.

Closing this alongside the issue. Thanks for looking into it though.

Have a great one.

@rennf93 rennf93 added the not_a_bug Incorrectly reported as a bug. label Feb 7, 2026
@rennf93 rennf93 closed this Feb 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@rennf93 rennf93

Labels

not_a_bug Incorrectly reported as a bug.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

RouteConfig.enable_suspicious_detection defaults to True, overriding global enable_penetration_detection=False

2 participants

@MihaiStreames @rennf93