From 629f2990fcfcab5d7779595d5f09de8e1c8d70e5 Mon Sep 17 00:00:00 2001
From: Chris Ashton <ChrisBAshton@users.noreply.github.com>
Date: Fri, 18 Oct 2024 11:20:58 +0100
Subject: [PATCH 1/2] Fix hosts regex

See https://github.com/alphagov/contacts-admin/pull/1483#issuecomment-2421660720
---
 config/environments/production.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/environments/production.rb b/config/environments/production.rb
index d445829bf..30d7948ad 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -78,7 +78,7 @@
 
   # Enable DNS rebinding protection and other `Host` header attacks.
   config.hosts = [
-    /manuals-publisher\..*gov.uk?/,
+    /manuals-publisher\..*\.gov.uk?/,
   ]
 
   # Skip DNS rebinding protection for the default health check endpoint.

From d9d5c2641f0d34f4e7937edf0fcc7bcd035277aa Mon Sep 17 00:00:00 2001
From: Chris Ashton <ChrisBAshton@users.noreply.github.com>
Date: Fri, 18 Oct 2024 12:13:51 +0100
Subject: [PATCH 2/2] Safely match `gov.uk` at end of regex

---
 config/environments/production.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/environments/production.rb b/config/environments/production.rb
index 30d7948ad..2e627a052 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -78,7 +78,7 @@
 
   # Enable DNS rebinding protection and other `Host` header attacks.
   config.hosts = [
-    /manuals-publisher\..*\.gov.uk?/,
+    /manuals-publisher\..*\.gov.uk$/,
   ]
 
   # Skip DNS rebinding protection for the default health check endpoint.