diff --git a/apps/consent/.dockerignore b/apps/consent/.dockerignore
index 2eea525d88..4c49bd78f1 100644
--- a/apps/consent/.dockerignore
+++ b/apps/consent/.dockerignore
@@ -1 +1 @@
-.env
\ No newline at end of file
+.env
diff --git a/apps/consent/src/routes/consent.ts b/apps/consent/src/routes/consent.ts
index 2e5bb06eea..ffdcb93eb8 100644
--- a/apps/consent/src/routes/consent.ts
+++ b/apps/consent/src/routes/consent.ts
@@ -27,6 +27,8 @@ router.get("/", csrfProtection, async (req, res, next) => {
     return
   }
 
+  // TODO: add rate limits
+
   // This section processes consent requests and either shows the consent UI or
   // accepts the consent request right away if the user has given consent to this
   // app before
diff --git a/apps/consent/src/routes/login.ts b/apps/consent/src/routes/login.ts
index 46ca9249bb..992d3ee100 100644
--- a/apps/consent/src/routes/login.ts
+++ b/apps/consent/src/routes/login.ts
@@ -31,6 +31,8 @@ router.get("/", csrfProtection, async (req, res, next) => {
     return
   }
 
+  // TODO: add rate limits
+
   let body: OAuth2LoginRequest
 
   try {