From ab362aabacbeeeaf81964ea67f8ed15c78db4515 Mon Sep 17 00:00:00 2001
From: Dan Milne
Date: Sun, 28 Dec 2025 14:40:53 +1100
Subject: [PATCH] Remove the rate limit for the forward auth system

---
 Dockerfile | 2 +-
 app/controllers/api/forward_auth_controller.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index e997c41..d1a1a43 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,7 +11,7 @@ ARG RUBY_VERSION=3.4.6
 FROM docker.io/library/ruby:$RUBY_VERSION-slim AS base
-LABEL org.opencontainers.image.source https://github.com/dkam/clinch
+LABEL org.opencontainers.image.source=https://github.com/dkam/clinch
 # Rails app lives here
 WORKDIR /rails
diff --git a/app/controllers/api/forward_auth_controller.rb b/app/controllers/api/forward_auth_controller.rb
index 933d81b..69e110b 100644
--- a/app/controllers/api/forward_auth_controller.rb
+++ b/app/controllers/api/forward_auth_controller.rb
@@ -3,7 +3,7 @@ module Api
 # ForwardAuth endpoints need session storage for return URL
 allow_unauthenticated_access
 skip_before_action :verify_authenticity_token
- rate_limit to: 100, within: 1.minute, only: :verify, with: -> { head :too_many_requests }
+ # No rate limiting on forward_auth endpoint - proxy middleware hits this frequently
 # GET /api/verify
 # This endpoint is called by reverse proxies (Traefik, Caddy, nginx)
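Review bot: With the `rate_limit` line gone, `verify` keeps `allow_unauthenticated_access` and `skip_before_action :verify_authenticity_token` but has no throttle at all, so nothing in this controller bounds repeated unauthenticated requests if the route is reachable by anything other than the reverse proxy. The old limit probably tripped because `rate_limit` keys on `request.remote_ip` by default, which behind Traefik/Caddy/nginx would be the proxy's own address; that is inferred, the hunk does not show the deployment. Rather than dropping the limit, consider keying it per forwarded client, e.g. `rate_limit to: 100, within: 1.minute, only: :verify, by: -> { request.headers["X-Forwarded-For"] || request.remote_ip }, with: -> { head :too_many_requests }`, with that header honoured only when it comes from the trusted proxy (the header name depends on the proxy in use). If the limit stays removed, the new comment should say so explicitly, for example `# No rate limiting here: this route must only be reachable from the proxy network`. The class body continues outside the hunk.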