From 4dfb1a39611d97f83dd7431261128def7dbca5fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc=20Sch=C3=BCtz?= <schuetzm@gmx.net>
Date: Sun, 20 Jan 2019 12:55:31 +0100
Subject: Subdomains of localhost are safe against DNS rebinding

---
 railties/lib/rails/application/configuration.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'railties/lib')

diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb
index d5a66b6ec1..b7838f7e32 100644
--- a/railties/lib/rails/application/configuration.rb
+++ b/railties/lib/rails/application/configuration.rb
@@ -30,7 +30,7 @@ module Rails
         @filter_parameters                       = []
         @filter_redirect                         = []
         @helpers_paths                           = []
-        @hosts                                   = Array(([IPAddr.new("0.0.0.0/0"), IPAddr.new("::/0"), "localhost"] if Rails.env.development?))
+        @hosts                                   = Array(([IPAddr.new("0.0.0.0/0"), IPAddr.new("::/0"), ".localhost"] if Rails.env.development?))
         @public_file_server                      = ActiveSupport::OrderedOptions.new
         @public_file_server.enabled              = true
         @public_file_server.index_name           = "index"
-- 
cgit v1.2.3