In Ruby, can request.host be trusted to differentiate between a staging environment and production?
Let’s say I have two environments: https://qa.example.com and https://example.com. In QA, I want to allow access to something insecure, like a special route that allows logging in without a password.
What are the security concerns of check…