From 6c2973a284b237fcb29dac90b0fb6908d5c41931 Mon Sep 17 00:00:00 2001
From: stumpylog <797416+stumpylog@users.noreply.github.com>
Date: Wed, 13 May 2026 13:00:00 -0700
Subject: [PATCH] Adds new entry for the new settings allauth needs, probably

---
 docs/migration-v3.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docs/migration-v3.md b/docs/migration-v3.md
index e17dd3b65..4fff1f858 100644
--- a/docs/migration-v3.md
+++ b/docs/migration-v3.md
@@ -318,3 +318,11 @@ echo "Document ${DOCUMENT_ID} from ${DOCUMENT_CORRESPONDENT} tagged: ${DOCUMENT_
 Update any pre- or post-consumption scripts that read `$1`, `$2`, etc. to use the
 corresponding environment variables instead. Environment variables have been the preferred
 option since v1.8.0.
+
+## Reverse Proxy and Login Rate Limiting
+
+Allauth changed how it determines the client IP address for login rate limiting. Users running
+behind a reverse proxy may need to set
+[`PAPERLESS_TRUSTED_PROXIES`](configuration.md#PAPERLESS_TRUSTED_PROXIES),
+[`PAPERLESS_ALLAUTH_TRUSTED_CLIENT_IP_HEADER`](configuration.md#PAPERLESS_ALLAUTH_TRUSTED_CLIENT_IP_HEADER),
+or both, to avoid `403 Forbidden` errors on login.