From 4dfb1a39611d97f83dd7431261128def7dbca5fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc=20Sch=C3=BCtz?= <schuetzm@gmx.net>
Date: Sun, 20 Jan 2019 12:55:31 +0100
Subject: Subdomains of localhost are safe against DNS rebinding

---
 railties/test/application/configuration_test.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'railties/test/application')

diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 3e979ea20d..9da3956dda 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -2289,6 +2289,11 @@ module ApplicationTests
       MESSAGE
     end
 
+    test "the host whitelist includes .localhost in development" do
+      app "development"
+      assert_includes Rails.application.config.hosts, ".localhost"
+    end
+
     private
       def force_lazy_load_hooks
         yield # Tasty clarifying sugar, homie! We only need to reference a constant to load it.
-- 
cgit v1.2.3