svemagie.net/indiekit-endpoint-activitypub
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(rate-limit): suppress ERR_ERL_PERMISSIVE_TRUST_PROXY behind nginx reverse proxy

Browse Source
This commit is contained in:
svemagie
2026-03-27 09:43:09 +01:00
parent 6f76ec45c4
commit 69ae731dab
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/mastodon/router.js
+3
View File
@@ -28,6 +28,7 @@ const apiLimiter = rateLimit({
max: 300, max: 300,
standardHeaders: true, standardHeaders: true,
legacyHeaders: false, legacyHeaders: false,
validate: { trustProxy: false }, // behind nginx reverse proxy; trust proxy is intentional
message: { error: "Too many requests, please try again later" }, message: { error: "Too many requests, please try again later" },
}); });
@@ -36,6 +37,7 @@ const authLimiter = rateLimit({
max: 30, max: 30,
standardHeaders: true, standardHeaders: true,
legacyHeaders: false, legacyHeaders: false,
validate: { trustProxy: false },
message: { error: "Too many authentication attempts" }, message: { error: "Too many authentication attempts" },
}); });
@@ -44,6 +46,7 @@ const appRegistrationLimiter = rateLimit({
max: 25, max: 25,
standardHeaders: true, standardHeaders: true,
legacyHeaders: false, legacyHeaders: false,
validate: { trustProxy: false },
message: { error: "Too many app registrations" }, message: { error: "Too many app registrations" },
}); });