diff options
| author | Gannon McGibbon <gannon.mcgibbon@gmail.com> | 2019-02-04 11:09:46 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-02-04 11:09:46 -0500 |
| commit | 5da63c1d5664b6499be3c05f12bedddd2079ffb4 (patch) | |
| tree | 9a4bff5e0126067d8cd0c5b410e65f5df44a0537 /railties/CHANGELOG.md | |
| parent | 4558161e4d65b0d3f88bc8a271bb19e75bc55ae9 (diff) | |
| parent | ca62dfeede0c5352baf6c65688c71b9cd909c831 (diff) | |
| download | rails-5da63c1d5664b6499be3c05f12bedddd2079ffb4.tar.gz rails-5da63c1d5664b6499be3c05f12bedddd2079ffb4.tar.bz2 rails-5da63c1d5664b6499be3c05f12bedddd2079ffb4.zip | |
Merge pull request #35086 from gsamokovarov/cleanup-whitelisting-refs
Cleanup the whitelisting references after #33145
Diffstat (limited to 'railties/CHANGELOG.md')
| -rw-r--r-- | railties/CHANGELOG.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md index e55217c5c4..19f4de8a1d 100644 --- a/railties/CHANGELOG.md +++ b/railties/CHANGELOG.md @@ -75,7 +75,7 @@ In other environments `Rails.application.config.hosts` is empty and no `Host` header checks will be done. If you want to guard against header - attacks on production, you have to manually whitelist the allowed hosts + attacks on production, you have to manually permit the allowed hosts with: Rails.application.config.hosts << "product.com" @@ -88,7 +88,7 @@ # `beta1.product.com`. Rails.application.config.hosts << /.*\.product\.com/ - A special case is supported that allows you to whitelist all sub-domains: + A special case is supported that allows you to permit all sub-domains: # Allow requests from subdomains like `www.product.com` and # `beta1.product.com`. |