Jets Rails Host Authorization

In older versions of Rails, you need to explicitly allow hosts when RAILS_ENV=production. This PR changes that behavior: Github rails: Only use HostAuthorization if configured #46858

Enable Host Authorization

If you want to enable host authorization anyway, here’s an example.


module Demo
 class Application < Rails::Application
 # config.hosts only used if set. If it's empty HostAuthorization is not checked
 config.hosts += [/.*\.amazonaws\.com/, /.*\.on\.aws/, "", /.*\.example\.com/]

CloudFront Distribution

With a CloudFront Distribution in front of the Lambda Function URL, it already does host checking. Only hosts that are part of the CloudFront aliases lists and verified with an ACM cert will be allowed. So, the Rails Host Authorization check may be extra debugging overhead.