diff options
author | Eileen M. Uchitelle <eileencodes@users.noreply.github.com> | 2018-12-17 11:41:15 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-12-17 11:41:15 -0500 |
commit | 528c5bb224a2f9ea6eee7b15ef5de5e9d17bf309 (patch) | |
tree | 04b25f1e0daf1e3f4bf71705bd08fa5dfa51c870 /railties/lib/rails/application/default_middleware_stack.rb | |
parent | 048e3172f51db1fddd03b89f676d96a443539a13 (diff) | |
parent | 02b931c764cca4c3f67b1decfc046bfb46dc510c (diff) | |
download | rails-528c5bb224a2f9ea6eee7b15ef5de5e9d17bf309.tar.gz rails-528c5bb224a2f9ea6eee7b15ef5de5e9d17bf309.tar.bz2 rails-528c5bb224a2f9ea6eee7b15ef5de5e9d17bf309.zip |
Merge pull request #33145 from gsamokovarov/host-authorization
Guard against DNS rebinding attacks by whitelisting hosts
Diffstat (limited to 'railties/lib/rails/application/default_middleware_stack.rb')
-rw-r--r-- | railties/lib/rails/application/default_middleware_stack.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/railties/lib/rails/application/default_middleware_stack.rb b/railties/lib/rails/application/default_middleware_stack.rb index 433a7ab41f..193cc59f3a 100644 --- a/railties/lib/rails/application/default_middleware_stack.rb +++ b/railties/lib/rails/application/default_middleware_stack.rb @@ -13,6 +13,8 @@ module Rails def build_stack ActionDispatch::MiddlewareStack.new do |middleware| + middleware.use ::ActionDispatch::HostAuthorization, config.hosts, config.action_dispatch.hosts_response_app + if config.force_ssl middleware.use ::ActionDispatch::SSL, config.ssl_options end |