Loading docs/ref/settings.txt +14 −0 Original line number Diff line number Diff line Loading @@ -79,6 +79,20 @@ responsible to provide your own validation of the ``Host`` header (perhaps in a middleware; if so this middleware must be listed first in :setting:`MIDDLEWARE_CLASSES`). .. note:: If you want to also allow the `fully qualified domain name (FQDN)`_, which some browsers can send in the Host header, you must explicitly add another ALLOWED_HOSTS entry that includes a trailing period. This entry can also be a subdomain wildcard:: ALLOWED_HOSTS = [ '.example.com', # Allow domain and subdomains '.example.com.', # Also allow FQDN and subdomains ] .. _`fully qualified domain name (FQDN)`: http://en.wikipedia.org/wiki/Fully_qualified_domain_name If the ``Host`` header (or ``X-Forwarded-Host`` if :setting:`USE_X_FORWARDED_HOST` is enabled) does not match any value in this list, the :meth:`django.http.HttpRequest.get_host()` method will raise Loading Loading
docs/ref/settings.txt +14 −0 Original line number Diff line number Diff line Loading @@ -79,6 +79,20 @@ responsible to provide your own validation of the ``Host`` header (perhaps in a middleware; if so this middleware must be listed first in :setting:`MIDDLEWARE_CLASSES`). .. note:: If you want to also allow the `fully qualified domain name (FQDN)`_, which some browsers can send in the Host header, you must explicitly add another ALLOWED_HOSTS entry that includes a trailing period. This entry can also be a subdomain wildcard:: ALLOWED_HOSTS = [ '.example.com', # Allow domain and subdomains '.example.com.', # Also allow FQDN and subdomains ] .. _`fully qualified domain name (FQDN)`: http://en.wikipedia.org/wiki/Fully_qualified_domain_name If the ``Host`` header (or ``X-Forwarded-Host`` if :setting:`USE_X_FORWARDED_HOST` is enabled) does not match any value in this list, the :meth:`django.http.HttpRequest.get_host()` method will raise Loading
