about summary refs log tree commit diff
path: root/config/initializers
diff options
context:
space:
mode:
Diffstat (limited to 'config/initializers')
-rw-r--r--config/initializers/preload_link_headers.rb2
-rw-r--r--config/initializers/rack_attack.rb7
2 files changed, 7 insertions, 2 deletions
diff --git a/config/initializers/preload_link_headers.rb b/config/initializers/preload_link_headers.rb
index 9f21c45ec..364a7cc1b 100644
--- a/config/initializers/preload_link_headers.rb
+++ b/config/initializers/preload_link_headers.rb
@@ -2,7 +2,7 @@
 # in the Links header per default.
 
 # In our case, that will bloat headers too much and potentially cause
-# issues with reverse proxies. Furhermore, we don't need those links,
+# issues with reverse proxies. Furthermore, we don't need those links,
 # as we already output them as HTML link tags.
 
 Rails.application.config.action_view.preload_links_header = false
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index 964d4266d..c3733e377 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -82,7 +82,12 @@ class Rack::Attack
   end
 
   throttle('throttle_sign_up_attempts/ip', limit: 25, period: 5.minutes) do |req|
-    req.remote_ip if req.post? && req.path == '/auth'
+    if req.post? && req.path == '/auth'
+      addr = req.remote_ip
+      addr = IPAddr.new(addr) if addr.is_a?(String)
+      addr = addr.mask(64) if addr.ipv6?
+      addr.to_s
+    end
   end
 
   throttle('throttle_password_resets/ip', limit: 25, period: 5.minutes) do |req|