Add guard against DNS rebinding attacks (#16087)

* Add guard against DNS rebinding attacks

* Fix not to apply to test environment

diff --git a/config/initializers/1_hosts.rb b/config/initializers/1_hosts.rb
index 757f1f73554568a447356d6adc918e7677bfc317..0ce4320b72b8b2a3a40c96180c58f89ae3f5eb27 100644 (file)
--- a/config/initializers/1_hosts.rb
+++ b/config/initializers/1_hosts.rb
@@ -26,4 +26,10 @@ Rails.application.configure do
       "ws://#{ENV['REMOTE_DEV'] == 'true' ? host.split(':').first : 'localhost'}:4000"
     end
   end
+
+  unless Rails.env.test?
+    config.hosts << host if host.present?
+    config.hosts << web_host if web_host.present?
+    config.hosts << alternate_domains if alternate_domains.present?
+  end
 end