add rate limiting and HSTS for security hardening
Some checks failed
deploy / deploy (push) Failing after 8m33s
- Add Hammer library for rate limiting with ETS backend
- Rate limit login (5/min), magic link (3/min), newsletter (10/min), API (60/min)
- Add themed 429 error page using bare shop styling
- Enable HSTS in production with rewrite_on for Fly proxy
- Add security hardening plan to docs

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@@ -64,7 +64,9 @@ if config_env() == :prod do
ip: {0, 0, 0, 0, 0, 0, 0, 0},
port: port
],
secret_key_base: secret_key_base
secret_key_base: secret_key_base,
# HSTS tells browsers to always use HTTPS for this domain (1 year, include subdomains)
force_ssl: [hsts: true, rewrite_on: [:x_forwarded_proto]]
# ## SSL Support
#
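Review bot: the comment above `force_ssl` says "include subdomains", but `hsts: true` on its own only emits `Strict-Transport-Security: max-age=31536000`; Plug.SSL's `:subdomains` option defaults to false, so the header will not carry `includeSubDomains`. Either add `subdomains: true` to the keyword list (`force_ssl: [hsts: true, subdomains: true, rewrite_on: [:x_forwarded_proto]]`) or drop that claim from the comment so the config and its documentation agree. Also worth stating in the comment that `rewrite_on: [:x_forwarded_proto]` makes the plug trust that header when deciding whether a request already arrived over HTTPS, which is only safe while the Fly proxy is the sole ingress path and sets the header itself; if the app is ever reachable directly, a client could supply `X-Forwarded-Proto: https` and bypass the redirect.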