Blocked host: localhost ruby on rails 6.0.0

Question

I am developing my first rails 6 app but when I try to serve it in development environment behind my nginx server, I find this message

I tried adding the configuration mentioned in the error in config/environments/development.rb and in config/application.rb but it didn't work.

I am using rails 6.0.0, ruby 2.6.5, nginx 1.10.3

If I go to http://localhost:3000 (the puma URL directly) it works fine. But I want to know why I am getting this error.

Answer 1

Host Authorization is added because of DNS rebinding attacks here are more details about and also link to more detailed explanation.

Introduce ActionDispatch::HostAuthorization Host Authorization is a new middleware that guards against DNS rebinding attacks by explicitly permitting the hosts a request can be sent to. More information about the attack itself is available in this Medium post and in Daniel Miessler’s DNS Rebinding attack explained. By default it’s set for all Rails 6 applications and allows in development the following hosts IPAddr.new(“0.0.0.0/0”), IPAddr.new(“::/0”), “localhost”] it supports arrays of RegExp, Proc, IPAddr and String or a single String in the configuration. What this means is that with Rails 6, we will need to explicitly set our domains in the environments configuration files. More information is available at the HostAuthoriation code and HostAuthorization tests.