Merge pull request #1432 from alphagov/hostname-config-redux

Configure hosts for application
alphagov · Oct 30, 2024 · d130f9c · d130f9c
2 parents e02dbea + 8cd11fd
commit d130f9c
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -80,10 +80,11 @@
   config.active_record.dump_schema_after_migration = false
 
   # Enable DNS rebinding protection and other `Host` header attacks.
-  # config.hosts = [
-  #   "example.com",     # Allow requests from example.com
-  #   /.*\.example\.com/ # Allow requests from subdomains like `www.example.com`
-  # ]
+  config.hosts = [
+    /local-links-manager\..*\.gov.uk$/,
+    "local-links-manager",
+  ]
+
   # Skip DNS rebinding protection for the default health check endpoint.
-  # config.host_authorization = { exclude: ->(request) { request.path == "/up" } }
+  config.host_authorization = { exclude: ->(request) { request.path.match?("^\/healthcheck") } }
 end