From 11bf4bff4b4de79431168f48e01a91136587b528 Mon Sep 17 00:00:00 2001
From: "theis.gaedigk" <theis.gaedigk@icloud.com>
Date: Sat, 23 May 2026 12:46:27 +0200
Subject: [PATCH] fixed limiter

---
 backend/server.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/backend/server.js b/backend/server.js
index d67d0c5..259604c 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -1,11 +1,12 @@
 import express from "express";
 import cors from "cors";
 import apiRouter from "./routes/api.js";
+import { rateLimit } from "express-rate-limit";
 
 const app = express();
 const port = 7001;
-import { rateLimit } from "express-rate-limit";
 
+app.set("trust proxy", 1); // Required when running behind a proxy (e.g. Docker/NGINX) so rate-limit can read X-Forwarded-For.
 app.use(cors());
 app.use(express.urlencoded({ extended: true }));
 app.set("view engine", "ejs");