From 490b595a01c5824ff63ffb87f0efdfca95f4bf3b Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Thu, 29 Mar 2018 10:58:24 +0200
Subject: Prevent brute force login attack

---
 server.ts | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'server.ts')

diff --git a/server.ts b/server.ts
index f6794b897..b307e67a1 100644
--- a/server.ts
+++ b/server.ts
@@ -48,6 +48,9 @@ if (errorMessage !== null) {
   throw new Error(errorMessage)
 }
 
+// Trust our proxy (IP forwarding...)
+app.set('trust proxy', CONFIG.TRUST_PROXY)
+
 // ----------- Database -----------
 
 // Initialize database and models
@@ -81,6 +84,7 @@ if (isTestInstance()) {
     ) {
       return (cors({
         origin: 'http://localhost:3000',
+        exposedHeaders: 'Retry-After',
         credentials: true
       }))(req, res, next)
     }
-- 
cgit v1.2.3