From a9f2da77087eae73e682a6824c9bdf6f73f699a5 Mon Sep 17 00:00:00 2001
From: Chris Ashton <ChrisBAshton@users.noreply.github.com>
Date: Fri, 18 Oct 2024 11:20:53 +0100
Subject: [PATCH 1/2] Fix hosts regex

See https://github.com/alphagov/contacts-admin/pull/1483#issuecomment-2421660720
---
 config/environments/production.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/environments/production.rb b/config/environments/production.rb
index eb49f9d1..f22875eb 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -86,7 +86,7 @@
 
   # Enable DNS rebinding protection and other `Host` header attacks.
   config.hosts = [
-    /travel-advice-publisher\..*gov.uk?/,
+    /travel-advice-publisher\..*\.gov.uk?/,
   ]
 
   # Skip DNS rebinding protection for the default health check endpoint.

From f6ea641c42e38aec578458a9c06bb2a1b825fa08 Mon Sep 17 00:00:00 2001
From: Chris Ashton <ChrisBAshton@users.noreply.github.com>
Date: Fri, 18 Oct 2024 12:15:16 +0100
Subject: [PATCH 2/2] Safely match `gov.uk` at end of regex

---
 config/environments/production.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/environments/production.rb b/config/environments/production.rb
index f22875eb..7d029d72 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -86,7 +86,7 @@
 
   # Enable DNS rebinding protection and other `Host` header attacks.
   config.hosts = [
-    /travel-advice-publisher\..*\.gov.uk?/,
+    /travel-advice-publisher\..*\.gov.uk$/,
   ]
 
   # Skip DNS rebinding protection for the default health check endpoint.