Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

[1.4.x] Note that ALLOWED_HOSTS default changes in Django 1.5.

  • Loading branch information...
commit 3adfc3f97dc8ac5985a495b1a690b964f48ba208 1 parent 4cdfb24
Carl Meyer carljm authored
Showing with 5 additions and 0 deletions.
  1. +5 −0 docs/ref/settings.txt
5 docs/ref/settings.txt
View
@@ -104,6 +104,11 @@ This validation only applies via :meth:`~django.http.HttpRequest.get_host()`;
if your code accesses the ``Host`` header directly from ``request.META`` you
are bypassing this security protection.
+The default value of this setting in Django 1.4.4+ is ``['*']`` (accept any
+host) in order to avoid breaking backwards-compatibility in a security update,
+but in Django 1.5+ the default is ``[]`` and explicitly configuring this
+setting is required.
+
.. setting:: ALLOWED_INCLUDE_ROOTS
ALLOWED_INCLUDE_ROOTS
Please sign in to comment.
Something went wrong with that request. Please try again.