p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed #20338 - Document FQDN behavior with ALLOWED_HOSTS

This commit is contained in:
Michael Manfre 2013-05-01 12:13:09 -06:00 committed by Carl Meyer
parent 780fa48f5f
commit 6bdeed1b81
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
docs/ref/settings.txt
View File

@ -79,6 +79,20 @@ responsible to provide your own validation of the ``Host`` header (perhaps in a
middleware; if so this middleware must be listed first in middleware; if so this middleware must be listed first in
:setting:`MIDDLEWARE_CLASSES`). :setting:`MIDDLEWARE_CLASSES`).
.. note::
If you want to also allow the `fully qualified domain name (FQDN)`_, which
some browsers can send in the Host header, you must explicitly add another
ALLOWED_HOSTS entry that includes a trailing period. This entry can also be
a subdomain wildcard::
ALLOWED_HOSTS = [
'.example.com', # Allow domain and subdomains
'.example.com.', # Also allow FQDN and subdomains
]
.. _`fully qualified domain name (FQDN)`: http://en.wikipedia.org/wiki/Fully_qualified_domain_name
If the ``Host`` header (or ``X-Forwarded-Host`` if If the ``Host`` header (or ``X-Forwarded-Host`` if
:setting:`USE_X_FORWARDED_HOST` is enabled) does not match any value in this :setting:`USE_X_FORWARDED_HOST` is enabled) does not match any value in this
list, the :meth:`django.http.HttpRequest.get_host()` method will raise list, the :meth:`django.http.HttpRequest.get_host()` method will raise