From 964035b1186a4dd66be0e0fb6cf56959e21c10e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Mah=C3=A9?= <gled@remote-shell.net>
Date: Sat, 29 Apr 2017 15:27:49 -0700
Subject: [PATCH] allow localhost to bypass the ratelimit (#2554)

---
 config/initializers/rack_attack.rb | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index 67ec7c919..3ebe39462 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -1,6 +1,13 @@
 # frozen_string_literal: true
 
 class Rack::Attack
+  # Always allow requests from localhost
+  # (blocklist & throttles are skipped)
+  Rack::Attack.safelist('allow from localhost') do |req|
+    # Requests are allowed if the return value is truthy
+    '127.0.0.1' == req.ip || '::1' == req.ip
+  end
+
   # Rate limits for the API
   throttle('api', limit: 300, period: 5.minutes) do |req|
     req.ip if req.path =~ /\A\/api\/v/