Remove production check for hosts (#1549)

app/controllers/application_controller.rb

@@ -47,9 +47,8 @@ class ApplicationController < ActionController::Base
 
   # Block unknown hosts to mitigate host header injection attacks
   def block_unknown_hosts
-    return unless Rails.env.production?
-    return if config.hosts.blank?
-    raise UnsafeHostError, "#{request.host} is not a safe host" unless config.hosts.include?(request.host)
+    return if Rails.configuration.hosts.blank?
+    raise UnsafeHostError, "#{request.host} is not a safe host" unless Rails.configuration.hosts.include?(request.host)
   end
 
   # Force SSL