diff options
| author | Eileen M. Uchitelle <eileencodes@users.noreply.github.com> | 2018-12-17 11:41:15 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-12-17 11:41:15 -0500 |
| commit | 528c5bb224a2f9ea6eee7b15ef5de5e9d17bf309 (patch) | |
| tree | 04b25f1e0daf1e3f4bf71705bd08fa5dfa51c870 /actionpack/lib/action_dispatch/middleware/templates | |
| parent | 048e3172f51db1fddd03b89f676d96a443539a13 (diff) | |
| parent | 02b931c764cca4c3f67b1decfc046bfb46dc510c (diff) | |
| download | rails-528c5bb224a2f9ea6eee7b15ef5de5e9d17bf309.tar.gz rails-528c5bb224a2f9ea6eee7b15ef5de5e9d17bf309.tar.bz2 rails-528c5bb224a2f9ea6eee7b15ef5de5e9d17bf309.zip | |
Merge pull request #33145 from gsamokovarov/host-authorization
Guard against DNS rebinding attacks by whitelisting hosts
Diffstat (limited to 'actionpack/lib/action_dispatch/middleware/templates')
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb | 7 | ||||
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb | 5 |
2 files changed, 12 insertions, 0 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb b/actionpack/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb new file mode 100644 index 0000000000..2fa78dd385 --- /dev/null +++ b/actionpack/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb @@ -0,0 +1,7 @@ +<header> + <h1>Blocked host: <%= @host %></h1> +</header> +<div id="container"> + <h2>To allow requests to <%= @host %>, add the following configuration:</h2> + <pre>Rails.application.config.hosts << "<%= @host %>"</pre> +</div> diff --git a/actionpack/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb b/actionpack/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb new file mode 100644 index 0000000000..4e2d1d0b08 --- /dev/null +++ b/actionpack/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb @@ -0,0 +1,5 @@ +Blocked host: <%= @host %> + +To allow requests to <%= @host %>, add the following configuration: + + Rails.application.config.hosts << "<%= @host %>" |