codeforamerica / ohana-api

The open source API directory of community social services.
http://ohana-api-demo.herokuapp.com/api
BSD 3-Clause "New" or "Revised" License

Specify allowed hosts for assets and URLs #436

monfresh closed 6 years ago

monfresh commented 6 years ago

Why: To help prevent host header injection. See: https://github.com/ankane/secure_rails and https://github.com/rails/rails/issues/29893

monfresh commented 6 years ago

@md5 I'd love your eyes on this if you get a chance.