mirror of https://github.com/django/django.git
Fixed #20338 - Document FQDN behavior with ALLOWED_HOSTS
This commit is contained in:
parent
780fa48f5f
commit
6bdeed1b81
|
@ -79,6 +79,20 @@ responsible to provide your own validation of the ``Host`` header (perhaps in a
|
|||
middleware; if so this middleware must be listed first in
|
||||
:setting:`MIDDLEWARE_CLASSES`).
|
||||
|
||||
.. note::
|
||||
|
||||
If you want to also allow the `fully qualified domain name (FQDN)`_, which
|
||||
some browsers can send in the Host header, you must explicitly add another
|
||||
ALLOWED_HOSTS entry that includes a trailing period. This entry can also be
|
||||
a subdomain wildcard::
|
||||
|
||||
ALLOWED_HOSTS = [
|
||||
'.example.com', # Allow domain and subdomains
|
||||
'.example.com.', # Also allow FQDN and subdomains
|
||||
]
|
||||
|
||||
.. _`fully qualified domain name (FQDN)`: http://en.wikipedia.org/wiki/Fully_qualified_domain_name
|
||||
|
||||
If the ``Host`` header (or ``X-Forwarded-Host`` if
|
||||
:setting:`USE_X_FORWARDED_HOST` is enabled) does not match any value in this
|
||||
list, the :meth:`django.http.HttpRequest.get_host()` method will raise
|
||||
|
|
Loading…
Reference in New Issue