diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 9df61370..d59a64b9 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -47,9 +47,8 @@ class ApplicationController < ActionController::Base
 # Block unknown hosts to mitigate host header injection attacks
 def block_unknown_hosts
- return unless Rails.env.production?
- return if config.hosts.blank?
- raise UnsafeHostError, "#{request.host} is not a safe host" unless config.hosts.include?(request.host)
+ return if Rails.configuration.hosts.blank?
+ raise UnsafeHostError, "#{request.host} is not a safe host" unless Rails.configuration.hosts.include?(request.host)
 end
 # Force SSL
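Review bot: The allowlist test `Rails.configuration.hosts.include?(request.host)` in `block_unknown_hosts` is an exact `==` comparison, but Rails accepts `config.hosts` entries that are not plain hostnames (leading-dot strings such as `.example.com`, Regexp, IPAddr), and with the `Rails.env.production?` guard removed the check now also runs in development and test. If the app keeps Rails' default development hosts, none of those entries is likely to equal `request.host`, so requests there would raise UnsafeHostError, and a wildcard or pattern entry in production would be rejected the same way. Either match entries the way ActionDispatch::HostAuthorization does or leave enforcement to that middleware, and add a request spec covering a subdomain pattern and an unknown host. Separately, `return if Rails.configuration.hosts.blank?` makes the check fail open when the list is empty, which deserves a comment such as `# Empty allowlist disables this check; production must set config.hosts`.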