Add guard against DNS rebinding attacks (#16087)

* Add guard against DNS rebinding attacks * Fix not to apply to test environment
author: Takeshi Umeda <noel.yoshiba@gmail.com> 2021-04-22 00:45:58 +0900
committer: GitHub <noreply@github.com> 2021-04-21 17:45:58 +0200
commit: 83230234643bb53ba563e42d73fb91a0dcfbff64 (patch)
tree: b4a77f5cf032e55b198209b6d0f619a939a5c47f /config/initializers
parent: e243092a5ae44dbf9a1c0ea2791214f6c9d69025 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/config/initializers/1_hosts.rb b/config/initializers/1_hosts.rb
index 757f1f735..0ce4320b7 100644
--- a/config/initializers/1_hosts.rb
+++ b/config/initializers/1_hosts.rb
@@ -26,4 +26,10 @@ Rails.application.configure do
       "ws://#{ENV['REMOTE_DEV'] == 'true' ? host.split(':').first : 'localhost'}:4000"
     end
   end
+
+  unless Rails.env.test?
+    config.hosts << host if host.present?
+    config.hosts << web_host if web_host.present?
+    config.hosts << alternate_domains if alternate_domains.present?
+  end
 end
author	Takeshi Umeda <noel.yoshiba@gmail.com>	2021-04-22 00:45:58 +0900
committer	GitHub <noreply@github.com>	2021-04-21 17:45:58 +0200
commit	83230234643bb53ba563e42d73fb91a0dcfbff64 (patch)
tree	b4a77f5cf032e55b198209b6d0f619a939a5c47f /config/initializers
parent	e243092a5ae44dbf9a1c0ea2791214f6c9d69025 (diff)