diff --git a/services/web/app/src/Features/Editor/EditorHttpController.js b/services/web/app/src/Features/Editor/EditorHttpController.js
index 719a71b192..1ad5ebbd08 100644
--- a/services/web/app/src/Features/Editor/EditorHttpController.js
+++ b/services/web/app/src/Features/Editor/EditorHttpController.js
@@ -58,7 +58,7 @@ const unsupportedSpellcheckLanguages = [
 
 async function joinProject(req, res, next) {
   const projectId = req.params.Project_id
-  let userId = req.query.user_id
+  let userId = req.query.user_id // keep schema in sync with router
   if (userId === 'anonymous-user') {
     userId = null
   }
diff --git a/services/web/app/src/Features/Editor/EditorRouter.js b/services/web/app/src/Features/Editor/EditorRouter.js
index 6539e9e524..eda8d9c891 100644
--- a/services/web/app/src/Features/Editor/EditorRouter.js
+++ b/services/web/app/src/Features/Editor/EditorRouter.js
@@ -70,6 +70,8 @@ module.exports = {
       AuthenticationController.requirePrivateApiAuth(),
       RateLimiterMiddleware.rateLimit(rateLimiters.joinProject, {
         params: ['Project_id'],
+        // keep schema in sync with controller
+        getUserId: req => req.query.user_id,
       }),
       EditorHttpController.joinProject
     )