Class: PactBroker::UI::Controllers::Base

Inherits:
Padrino::Application
  • Object
Defined in:
lib/pact_broker/ui/controllers/base_controller.rb

Direct Known Subclasses

CanIDeploy, Dashboard, ErrorTest, Groups, Index, Matrix, Pacts

Instance Method Summary

Instance Method Details

#base_url ⇒ Object



# File 'lib/pact_broker/ui/controllers/base_controller.rb', line 18

def base_url
  # Using the X-Forwarded headers in the UI can leave the app vulnerable
  # https://www.acunetix.com/blog/articles/automated-detection-of-host-header-attacks/
  # Either use the explicitly configured base url or an empty string,
  # rather than request.base_url, which uses the X-Forwarded headers.
  env["pactbroker.base_url"] || ""
end
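
The difference the comment describes, as an added Ruby example that is not part of the Pact Broker code base. `header_derived_base_url` is a simplified stand-in for header-based URL derivation (an assumption, not Rack's implementation), and the env hashes, host names and `/matrix` path are constructed samples.

```ruby
# Simplified stand-in for deriving the base URL from request headers
# (assumption for illustration; not Rack's actual implementation).
def header_derived_base_url(env)
  scheme = env["HTTP_X_FORWARDED_PROTO"] || env["rack.url_scheme"] || "http"
  host   = env["HTTP_X_FORWARDED_HOST"] || env["HTTP_HOST"] || env["SERVER_NAME"]
  "#{scheme}://#{host}"
end

# Same logic as the base_url method documented on this page:
# only an explicitly configured value is trusted, otherwise "".
def configured_base_url(env)
  env["pactbroker.base_url"] || ""
end

# Hypothetical helper: how a view would turn a path into a link.
def link_for(base_url, path)
  "#{base_url}#{path}"
end

# Constructed Rack-style env for a request whose forwarded headers
# were set by the client rather than by a trusted proxy.
FORGED_ENV = {
  "rack.url_scheme"        => "http",
  "HTTP_HOST"              => "broker.internal.example",
  "HTTP_X_FORWARDED_HOST"  => "untrusted.example",
  "HTTP_X_FORWARDED_PROTO" => "https"
}.freeze

# Same request, but the operator has configured the base URL explicitly.
CONFIGURED_ENV = FORGED_ENV.merge(
  "pactbroker.base_url" => "https://broker.example"
).freeze

# Builds the same link three ways so the results can be compared.
def demo
  {
    header_derived: link_for(header_derived_base_url(FORGED_ENV), "/matrix"),
    unconfigured:   link_for(configured_base_url(FORGED_ENV), "/matrix"),
    configured:     link_for(configured_base_url(CONFIGURED_ENV), "/matrix")
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, link| puts "#{name}: #{link}" }
end
```

With no configured base URL the link degrades to a relative path, so the client-supplied host never reaches the rendered page.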