From 83230234643bb53ba563e42d73fb91a0dcfbff64 Mon Sep 17 00:00:00 2001
From: Takeshi Umeda <noel.yoshiba@gmail.com>
Date: Thu, 22 Apr 2021 00:45:58 +0900
Subject: [PATCH] Add guard against DNS rebinding attacks (#16087)

* Add guard against DNS rebinding attacks

* Fix not to apply to test environment
---
 config/initializers/1_hosts.rb | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/config/initializers/1_hosts.rb b/config/initializers/1_hosts.rb
index 757f1f735..0ce4320b7 100644
--- a/config/initializers/1_hosts.rb
+++ b/config/initializers/1_hosts.rb
@@ -26,4 +26,10 @@ Rails.application.configure do
       "ws://#{ENV['REMOTE_DEV'] == 'true' ? host.split(':').first : 'localhost'}:4000"
     end
   end
+
+  unless Rails.env.test?
+    config.hosts << host if host.present?
+    config.hosts << web_host if web_host.present?
+    config.hosts << alternate_domains if alternate_domains.present?
+  end
 end