[PATCH] settings: Wildcard 'ALLOWED_HOSTS' settings
Stephen Finucane
stephen at that.guru
Wed Feb 8 08:47:16 AEDT 2017
Django 1.10.3, 1.9.11 and 1.8.16 changed default behavior for
ALLOWED_HOSTS to prevent DNS rebinding attacks [1]. Unfortunately this
also means we can't access the development Docker or Vagrant installs
by IP address. Sidestep the issue by wildcarding the 'ALLOWED_HOSTS'
setting for development, thus allowing connections from any IP.
[1] https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts
Signed-off-by: Stephen Finucane <stephen at that.guru>
Cc: Daniel Axtens <dja at axtens.net>
---
patchwork/settings/dev.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/patchwork/settings/dev.py b/patchwork/settings/dev.py
index a084d6a..ee5b203 100644
--- a/patchwork/settings/dev.py
+++ b/patchwork/settings/dev.py
@@ -18,6 +18,9 @@ from .base import * # noqa
# https://docs.djangoproject.com/en/1.8/ref/settings/#core-settings
#
+
+ALLOWED_HOSTS = ['*']
+
SECRET_KEY = '00000000000000000000000000000000000000000000000000' # noqa
DEBUG = True
--
2.9.3
More information about the Patchwork
mailing list