Merge pull request #130 from adamliesko/allow_regexps_allowed_origins

Allow regexp for a allowed_request_origins array
author: David Heinemeier Hansson <david@loudthinking.com> 2015-12-13 14:24:28 +0100
committer: David Heinemeier Hansson <david@loudthinking.com> 2015-12-13 14:24:28 +0100
commit: 5fec4b96ffadf1624e6840d7446d78dba40add30 (patch)
tree: 931ef48e7bc1ed0807d112a1812ab0157004a8ac /lib
parent: c362beab2edd3dcae248dfaaaf3e0dee12baafa8 (diff)
parent: 1c6fb5e3975a96e70684965ca47291206caab6c3 (diff)
download: rails-5fec4b96ffadf1624e6840d7446d78dba40add30.tar.gz
rails-5fec4b96ffadf1624e6840d7446d78dba40add30.tar.bz2
rails-5fec4b96ffadf1624e6840d7446d78dba40add30.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/action_cable/connection/base.rb b/lib/action_cable/connection/base.rb
index b93b6a8a50..7e9eec7508 100644
--- a/lib/action_cable/connection/base.rb
+++ b/lib/action_cable/connection/base.rb
@@ -172,7 +172,7 @@ module ActionCable
         def allow_request_origin?
           return true if server.config.disable_request_forgery_protection
 
-          if Array(server.config.allowed_request_origins).include? env['HTTP_ORIGIN']
+          if Array(server.config.allowed_request_origins).any? { |allowed_origin|  allowed_origin === env['HTTP_ORIGIN'] }
             true
           else
             logger.error("Request origin not allowed: #{env['HTTP_ORIGIN']}")
author	David Heinemeier Hansson <david@loudthinking.com>	2015-12-13 14:24:28 +0100
committer	David Heinemeier Hansson <david@loudthinking.com>	2015-12-13 14:24:28 +0100
commit	5fec4b96ffadf1624e6840d7446d78dba40add30 (patch)
tree	931ef48e7bc1ed0807d112a1812ab0157004a8ac /lib
parent	c362beab2edd3dcae248dfaaaf3e0dee12baafa8 (diff)
parent	1c6fb5e3975a96e70684965ca47291206caab6c3 (diff)
download	rails-5fec4b96ffadf1624e6840d7446d78dba40add30.tar.gz rails-5fec4b96ffadf1624e6840d7446d78dba40add30.tar.bz2 rails-5fec4b96ffadf1624e6840d7446d78dba40add30.zip