From 6b628d62d3f5e6666eac8ddb519b71ce7f7f04fe Mon Sep 17 00:00:00 2001
From: Ahmad Farhat
Date: Fri, 8 May 2020 16:09:03 -0400
Subject: [PATCH] Remove production check for hosts (#1549)
---
 app/controllers/application_controller.rb | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 9df61370..d59a64b9 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -47,9 +47,8 @@ class ApplicationController < ActionController::Base
 # Block unknown hosts to mitigate host header injection attacks
 def block_unknown_hosts
- return unless Rails.env.production?
- return if config.hosts.blank?
- raise UnsafeHostError, "#{request.host} is not a safe host" unless config.hosts.include?(request.host)
+ return if Rails.configuration.hosts.blank?
+ raise UnsafeHostError, "#{request.host} is not a safe host" unless Rails.configuration.hosts.include?(request.host)
 end
 # Force SSL
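Review bot: `Rails.configuration.hosts.include?(request.host)` is an exact-equality test, but Rails also accepts Regexp, IPAddr and leading-dot (`".example.com"`) entries in `config.hosts`, and none of those will ever equal a host string. With the `Rails.env.production?` guard removed, the check now also runs in development and test, where Rails typically pre-populates `config.hosts` with such entries, so requests to a loopback address may start raising `UnsafeHostError`; this is worth confirming against the Rails version in use. The `blank?` early return also stays fail-open: an unset allowlist in production silently disables the protection, so consider making that visible with `Rails.logger.warn("config.hosts is empty; host check skipped")` and a comment above the method stating that entries must be literal hostnames. `block_unknown_hosts` is fully visible in the hunk; the rest of `ApplicationController`, including where the filter is registered, is not.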