diff --git a/webapp/ruby/Gemfile.lock b/webapp/ruby/Gemfile.lock
index 5b23d5fef..9d0ece7ba 100644
--- a/webapp/ruby/Gemfile.lock
+++ b/webapp/ruby/Gemfile.lock
@@ -3,6 +3,7 @@ GEM
   specs:
     base64 (0.2.0)
     bcrypt (3.1.20)
+    logger (1.6.1)
     multi_json (1.15.0)
     mustermann (3.0.3)
       ruby2_keywords (~> 0.0.1)
@@ -13,25 +14,27 @@ GEM
     puma (6.5.0)
       nio4r (~> 2.0)
     rack (3.1.8)
-    rack-protection (4.0.0)
+    rack-protection (4.1.1)
       base64 (>= 0.1.0)
+      logger (>= 1.6.0)
       rack (>= 3.0.0, < 4)
     rack-session (2.0.0)
       rack (>= 3.0.0)
     rackup (2.2.1)
       rack (>= 3)
     ruby2_keywords (0.0.5)
-    sinatra (4.0.0)
+    sinatra (4.1.1)
+      logger (>= 1.6.0)
       mustermann (~> 3.0)
       rack (>= 3.0.0, < 4)
-      rack-protection (= 4.0.0)
+      rack-protection (= 4.1.1)
       rack-session (>= 2.0.0, < 3)
       tilt (~> 2.0)
-    sinatra-contrib (4.0.0)
+    sinatra-contrib (4.1.1)
       multi_json (>= 0.0.2)
       mustermann (~> 3.0)
-      rack-protection (= 4.0.0)
-      sinatra (= 4.0.0)
+      rack-protection (= 4.1.1)
+      sinatra (= 4.1.1)
       tilt (~> 2.0)
     tilt (2.4.0)
diff --git a/webapp/ruby/lib/isucari/web.rb b/webapp/ruby/lib/isucari/web.rb
index 4d382a1ec..e28e9f5d4 100644
--- a/webapp/ruby/lib/isucari/web.rb
+++ b/webapp/ruby/lib/isucari/web.rb
@@ -51,6 +51,9 @@ class Web < Sinatra::Base
     set :session_secret, 'tagomoris' * 8
     set :sessions, 'key' => 'isucari_session', 'expire_after' => 3600
+    # refs: https://github.com/advisories/GHSA-hxx2-7vcw-mqr3
+    set :host_authorization, { permitted_hosts: [] }
+
     helpers do
       def db
         Thread.current[:db] ||= Mysql2::Client.new(
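Review bot: The new `set :host_authorization, { permitted_hosts: [] }` line cites the advisory but, if I read rack-protection 4.1's `HostAuthorization` correctly, an empty `permitted_hosts` makes the middleware accept every Host header, so this opts out of the very mitigation the sinatra 4.1.1 bump introduces rather than configuring it. If the intent is to avoid 403s because the benchmark/serving hostnames are not fixed, the comment should say so explicitly, e.g. `# NOTE: empty permitted_hosts disables Host authorization (sinatra >= 4.1); the check is off because serving hostnames vary between environments`. A safer alternative that keeps the protection where hostnames are known is to read them from the environment, `hosts = ENV.fetch('ISUCARI_PERMITTED_HOSTS', '').split(',').map(&:strip).reject(&:empty?)` followed by `set :host_authorization, { permitted_hosts: hosts }`, so production can restrict while local runs stay open. The surrounding `class Web < Sinatra::Base` body and the `helpers do` block continue outside the hunk.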