Add antiproxying protection.

Try to prevent malicious sites like danbooru.me or idanbooru.com from
proxying our site and inserting ads. If we detect that we're not running
on the real site, then we redirect to the real site.

app/javascript/src/javascripts/common.js.erb

@@ -19,6 +19,14 @@ $(function() {
     $('#notice').fadeOut("fast");
     e.preventDefault();
   });
+
+  const CANONICAL_DOMAIN = <%= Danbooru.config.domain.to_json.html_safe %>;
+  const CANONICAL_HOSTNAME = <%= Danbooru.config.hostname.to_json.html_safe %>;
+  const ENABLE_ANTIPROXYING = <%= Danbooru.config.enable_antiproxying?.to_json.html_safe %>;
+
+  if (ENABLE_ANTIPROXYING && !location.hostname.endsWith(CANONICAL_DOMAIN)) {
+    location.hostname = CANONICAL_HOSTNAME;
+  }
 });
 
 window.submitInvisibleRecaptchaForm = function () {

config/danbooru_default_config.rb

@@ -25,11 +25,16 @@ module Danbooru
       "Danbooru"
     end
 
-    # The canonical hostname of the site.
+    # The canonical hostname for the site, e.g. danbooru.donmai.us.
     def hostname
       Socket.gethostname
     end
 
+    # The canonical base domain for the site, e.g. donmai.us.
+    def domain
+      hostname
+    end
+
     # Contact email address of the admin.
     def contact_email
       "webmaster@#{hostname}"
@@ -551,6 +556,11 @@ module Danbooru
     def redis_url
       "redis://localhost:6379"
     end
+
+    # Try to prevent copycat sites from proxying our site and inserting ads or phishing passwords.
+    def enable_antiproxying?
+      Rails.env.production?
+    end
   end
 
   class EnvironmentConfiguration