cyu / rack-cors

Rack Middleware for handling Cross-Origin Resource Sharing (CORS), which makes cross-origin AJAX possible.
MIT License

Why is Rails.application.config.hosts required? #264

Closed paul-at closed 1 year ago

paul-at commented 1 year ago

README.md says "Note about Rails 6: Rails 6 has support for blocking requests from unknown hosts, so origin domains will need to be added there as well."

Why do origin domains need to be added? ActionDispatch::HostAuthorization seems to only be checking the Host header.

Furthermore, following the instructions literally and adding an origin domain with Rails.application.config.hosts << "product.com" breaks the production environment, resulting in the application becoming inaccessible in production if application.config.hosts wasn't previously defined in the production environment to include the app's domain explicitly.

I read #203 several times, but couldn't find an explanation.
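The distinction paul-at is pointing at can be shown in a few lines of plain Ruby. The block below is an added example, not code from rack-cors or Rails: it models the two checks as tiny Rack-style middlewares. The `HostAuthorization` class is a simplified stand-in for ActionDispatch::HostAuthorization (assumed behaviour: an empty allow-list permits every Host, which is the Rails production default, a non-empty list blocks any Host not on it, and the Origin header is never consulted); `CorsAllowlist` is a stand-in for rack-cors that decides only on Origin. The hostnames are constructed sample values.

```ruby
# Added example (not rack-cors or Rails code): the Host check and the CORS
# check are independent decisions keyed on different request headers.
require 'set'

# Simplified stand-in for ActionDispatch::HostAuthorization (assumption, not
# the real class): empty allow-list => allow all; otherwise Host must match.
class HostAuthorization
  def initialize(app, hosts)
    @app = app
    @hosts = Set.new(hosts)
  end

  def call(env)
    host = env['HTTP_HOST'].to_s.sub(/:\d+\z/, '') # compare without the port
    if @hosts.empty? || @hosts.include?(host)
      @app.call(env)
    else
      # The Origin header plays no part in this decision.
      [403, { 'content-type' => 'text/plain' }, ["Blocked host: #{host}"]]
    end
  end
end

# Simplified stand-in for rack-cors: only the Origin header is consulted, and
# a matching origin is echoed back in Access-Control-Allow-Origin.
class CorsAllowlist
  def initialize(app, origins)
    @app = app
    @origins = Set.new(origins)
  end

  def call(env)
    status, headers, body = @app.call(env)
    origin = env['HTTP_ORIGIN']
    if origin && @origins.include?(origin)
      headers = headers.merge('access-control-allow-origin' => origin)
    end
    [status, headers, body]
  end
end

# The application itself always answers 200.
APP = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['ok']] }

# Host authorization runs first (outermost), CORS inside it, as in Rails.
def build_stack(hosts:, origins:)
  HostAuthorization.new(CorsAllowlist.new(APP, origins), hosts)
end

# Returns [status, Access-Control-Allow-Origin value or nil] for a request
# with the given Host and (optional) Origin header.
def request(stack, host:, origin: nil)
  env = { 'HTTP_HOST' => host }
  env['HTTP_ORIGIN'] = origin if origin
  status, headers, = stack.call(env)
  [status, headers['access-control-allow-origin']]
end

if __FILE__ == $PROGRAM_NAME
  origins = ['https://product.com']
  # hosts left empty (production default): app host allowed, CORS header set.
  p request(build_stack(hosts: [], origins: origins),
            host: 'app.example.com', origin: 'https://product.com')
  # Only the origin domain added to hosts: the app's own host is now blocked.
  p request(build_stack(hosts: ['product.com'], origins: origins),
            host: 'app.example.com', origin: 'https://product.com')
  # App host listed, origin domain not: Host check passes, CORS still works.
  p request(build_stack(hosts: ['app.example.com'], origins: origins),
            host: 'app.example.com', origin: 'https://product.com')
end
```

The second call is the failure mode described in the post: once `hosts` is non-empty, only the listed names pass, so adding the CORS origin domain there (and nothing else) locks out the application's own hostname, while the third call shows that the origin domain never needed to be in `hosts` for the CORS header to be issued.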

cyu commented 1 year ago

@paul-at You're correct – this is unrelated. I've revised the help and moved it into the Gotchas section.

Thanks!