[PATCH] settings: Wildcard 'ALLOWED_HOSTS' settings
Daniel Axtens
dja at axtens.net
Tue Feb 14 08:21:26 AEDT 2017
Hi Stephen,
Are you connecting using the IP address of the container/VM itself, or
are you using the port bound to localhost?
Without this patch, I can access localhost:8000 fine when I run
"docker-compose up". It's only when I try to connect directly to the
container using the container's IP address (In my case 172.17.0.3:8000)
that I get a DisallowedHost error.
I'm guessing the same thing occurs with Vagrant - if memory serves you'd
usually connect to the port bound to localhost - which should work. But,
if you connect to the VM directly it won't work.
I'm not opposed to the patch, I'm just curious as to why you'd ever
connect using the IP address.
Regards,
Daniel
Stephen Finucane <stephen at that.guru> writes:
> Django 1.10.3, 1.9.11 and 1.8.16 changed default behavior for
> ALLOWED_HOSTS to prevent DNS rebinding attacks [1]. Unfortunately this
> also means we can't access the development Docker or Vagrant installs
> by IP address. Sidestep the issue by wildcarding the 'ALLOWED_HOSTS'
> setting for development, thus allowing connections from any IP.
>
> [1] https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts
>
> Signed-off-by: Stephen Finucane <stephen at that.guru>
> Cc: Daniel Axtens <dja at axtens.net>
> ---
> patchwork/settings/dev.py | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/patchwork/settings/dev.py b/patchwork/settings/dev.py
> index a084d6a..ee5b203 100644
> --- a/patchwork/settings/dev.py
> +++ b/patchwork/settings/dev.py
> @@ -18,6 +18,9 @@ from .base import * # noqa
> # https://docs.djangoproject.com/en/1.8/ref/settings/#core-settings
> #
>
> +
> +ALLOWED_HOSTS = ['*']
> +
> SECRET_KEY = '00000000000000000000000000000000000000000000000000' # noqa
>
> DEBUG = True
> --
> 2.9.3
More information about the Patchwork
mailing list