Merge pull request #2360 from alphagov/add-hosts

Configure hosts for application
alphagov · Oct 24, 2024 · 097a5f6 · 097a5f6
2 parents 994e254 + af33f04
commit 097a5f6
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -101,4 +101,12 @@
     logger.formatter = config.log_formatter
     config.logger    = ActiveSupport::TaggedLogging.new(logger)
   end
+
+  # Enable DNS rebinding protection and other `Host` header attacks.
+  config.hosts = [
+    /publisher\..*\.gov.uk/,
+  ]
+
+  # Skip DNS rebinding protection for the default health check endpoint.
+  config.host_authorization = { exclude: ->(request) { request.path.match?("^\/healthcheck") } }
 end