SECURITY: __ws shouldn't be able to override every domain in multisite

SECURITY: __ws shouldn’t be able to override every domain in multisite

diff --git a/config/initializers/200-first_middlewares.rb b/config/initializers/200-first_middlewares.rb
index 2467202..4732938 100644
--- a/config/initializers/200-first_middlewares.rb
+++ b/config/initializers/200-first_middlewares.rb
@@ -21,6 +21,10 @@ if Rails.env != 'development' || ENV['TRACK_REQUESTS']
 end
 
 if Rails.configuration.multisite
+  RailsMultisite::ConnectionManagement.asset_hostname =
+    GlobalSetting.cdn_origin_hostname ||
+    Discourse::Application.config.database_configuration[Rails.env]["host_names"].first
+
   # Multisite needs to be first, because the request tracker and message bus rely on it
   Rails.configuration.middleware.unshift RailsMultisite::Middleware, RailsMultisite::DiscoursePatches.config
   Rails.configuration.middleware.delete ActionDispatch::Executor

GitHub sha: 19b24e17