You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm not entirely sure why it prevents sub-sub-domains - the CVE report doesn't explicitly mention them but this issue is a duplicate of #43953, so can you please close it and comment there if you wish.
Steps to reproduce
Run this test:
Expected behavior
It passes.
In other words, when I set up
.example.org
, I expectb.a.example.org
to be allowed as on Rails 6.1.4.1 and earlier.Actual behavior
It fails.
It succeeded on Rails 6.1.4.1 and earlier, but started to fail on Rails 6.1.4.2. Is this an intended change?
System configuration
rails 7.0.2.3:
ruby 2.7.2p137:
The text was updated successfully, but these errors were encountered: