class HostAuthorization

Ruby on Rails 6.0.6

Since v6.0.6

Available in: v6.0.6 v6.1.7.10 v7.0.10 v7.1.6 v7.2.3 v8.0.4 v8.1.2

Compare with:

This middleware guards from DNS rebinding attacks by explicitly permitting the hosts a request can be sent to.

When a request comes to an unauthorized host, the response_app application will be executed and rendered. If no response_app is given, a default one will run, which responds with +403 Forbidden+.

Inherits from

Object

Constants

ActionDispatch::HostAuthorization::ALLOWED_HOSTS_IN_DEVELOPMENT
ActionDispatch::HostAuthorization::DEFAULT_RESPONSE_APP
ActionDispatch::HostAuthorization::IPV4_HOSTNAME
ActionDispatch::HostAuthorization::IPV6_HOSTNAME
ActionDispatch::HostAuthorization::IPV6_HOSTNAME_WITH_PORT
ActionDispatch::HostAuthorization::PORT_REGEX
ActionDispatch::HostAuthorization::VALID_IP_HOSTNAME

Methods (defined here)

# call
self. new

Private methods

(2) Implementation detail — not part of the public API.

# authorized?
# mark_as_authorized

Methods (inherited)

From Object (17)

# acts_like?
# blank?
# deep_dup
# duplicable?
# html_safe?
# in?
# instance_values
# instance_variable_names
# presence
# presence_in
# present?
# to_param
# to_query
# try
# try!
# unescape
# with_options

From ActiveRecord::TestFixtures (4)

# enlist_fixture_connections
# run_in_transaction?
# setup_fixtures
# teardown_fixtures

From ActiveSupport::Concern (2)

# class_methods
# included