From ca62dfeede0c5352baf6c65688c71b9cd909c831 Mon Sep 17 00:00:00 2001 From: Genadi Samokovarov Date: Tue, 29 Jan 2019 18:47:55 +0200 Subject: Cleanup the whitelisting references after #33145 During the development of #33145, I have named a few concepts in the code as `whitelisted`. We decided to stay away from the term and I adjusted most of the code afterwards, but here are the cases I forgot to change. I also found a case in the API guide that we could have cleaned up as well. [ci skip] --- railties/CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'railties/CHANGELOG.md') diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md index e55217c5c4..19f4de8a1d 100644 --- a/railties/CHANGELOG.md +++ b/railties/CHANGELOG.md @@ -75,7 +75,7 @@ In other environments `Rails.application.config.hosts` is empty and no `Host` header checks will be done. If you want to guard against header - attacks on production, you have to manually whitelist the allowed hosts + attacks on production, you have to manually permit the allowed hosts with: Rails.application.config.hosts << "product.com" @@ -88,7 +88,7 @@ # `beta1.product.com`. Rails.application.config.hosts << /.*\.product\.com/ - A special case is supported that allows you to whitelist all sub-domains: + A special case is supported that allows you to permit all sub-domains: # Allow requests from subdomains like `www.product.com` and # `beta1.product.com`. -- cgit v1.2.3