From 10e75a9da2bc213d9b65100c9fedc1e01cce20cb Mon Sep 17 00:00:00 2001
From: Chris Ashton
Date: Fri, 18 Oct 2024 11:20:52 +0100
Subject: [PATCH 1/2] Fix hosts regex See https://github.com/alphagov/contacts-admin/pull/1483#issuecomment-2421660720
---
 config/environments/production.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 0a2ef69715c..ac0d9e1b437 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -104,7 +104,7 @@
 # Enable DNS rebinding protection and other `Host` header attacks.
 config.hosts = [
- /whitehall-admin\..*gov.uk?/,
+ /whitehall-admin\..*\.gov.uk?/,
 ]
 # Skip DNS rebinding protection for the default health check endpoint.
From 97693f134ae66e54951f5fb6a692acd6ba1fef13 Mon Sep 17 00:00:00 2001
From: Chris Ashton
Date: Fri, 18 Oct 2024 12:15:30 +0100
Subject: [PATCH 2/2] Safely match `gov.uk` at end of regex
---
 config/environments/production.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/environments/production.rb b/config/environments/production.rb
index ac0d9e1b437..adeb6603ce9 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -104,7 +104,7 @@
 # Enable DNS rebinding protection and other `Host` header attacks.
 config.hosts = [
- /whitehall-admin\..*\.gov.uk?/,
+ /whitehall-admin\..*\.gov.uk$/,
 ]
 # Skip DNS rebinding protection for the default health check endpoint.
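Review bot: The dot between `gov` and `uk` on the added line of PATCH 1/2 is still unescaped, so it matches any single character rather than a literal dot; the added line in PATCH 2/2 carries the same gap. Writing the suffix as `\.gov\.uk` pins the allow-list to the real domain. The `.*` in the middle likewise accepts any characters, not only hostname labels, so a class such as `[a-z0-9.-]*` would keep the entry to well-formed hostnames. The `config.hosts` block and its enclosing configure block extend outside the hunk.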
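Review bot: The `$` added in PATCH 2/2 anchors at end of line in Ruby, not end of string; `\z` is the end-of-string anchor and is the one to use in a host allow-list. Rails' host authorization middleware, in the versions I am aware of, wraps each Regexp in `config.hosts` with its own `\A`, an optional port, and `\z`; if that holds for the version in use, a trailing anchor inside the pattern is redundant and would stop a Host header carrying an explicit port from matching, so this is worth confirming. If Rails does the anchoring, `/whitehall-admin\..*\.gov\.uk/` is sufficient; if it does not, use `/\Awhitehall-admin\..*\.gov\.uk\z/`. A comment above the entry, such as `# Anchored by Rails; matches whitehall-admin.<env>.gov.uk only`, would record that intent.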