Update hosts for application

The previous regex permitted `app-name.dodgygov.uk`. Updating to disallow this and only permit `*.gov.uk`.
alphagov · Oct 18, 2024 · 277949c · 277949c
1 parent d45ace0
commit 277949c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -80,7 +80,7 @@
 
   # Enable DNS rebinding protection and other `Host` header attacks.
   config.hosts = [
-    /transition\..*gov.uk?/,
+    /transition\..*\.gov.uk$/,
   ]
 
   # Skip DNS rebinding protection for the default health check endpoint.