Steps to replicate
- Install the ReportIncident extension
- Create a new account and make an edit using this account
- Open a user talk page
- Click on the "Report" link in the "Tools" menu
- Click through to the second step of the dialog
- Enter form data, but enter a username that does not exist
- Open DevTools and click on the 'Network' tab
- Click on submit until you see the error 429 (should take no more than 6 times in a standard configuration and no more than 1 time for a new user account). The errors seen before the 429 should have the error code 404.
The API request response has the status code 429, even though no reports were submitted in the previous request (as the form data failed validation).
What should have happened instead?:
All form validation should occur before the rate limit is increased, so that the rate limit should only be increased when a user submits a valid report that is emailed to the administrators.
Therefore, after 6 attempts to submit there should be no error with a code of 429.
Example in Firefox DevTools: