Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Formatting fix for host headers section

  • Loading branch information...
commit 58786897a1e3ef5d31134cb0870a321425d56fea 1 parent c651002
@davidfischer davidfischer authored
Showing with 5 additions and 5 deletions.
  1. +5 −5 docs/topics/security.txt
View
10 docs/topics/security.txt
@@ -176,11 +176,11 @@ Site Scripting attacks, they can be used for Cross-Site Request
Forgery and cache poisoning attacks in some circumstances. We
recommend you ensure your Web server is configured such that:
- * It always validates incoming HTTP ``Host`` headers against the expected
- host name.
- * Disallows requests with no ``Host`` header.
- * Is *not* configured with a catch-all virtual host that forwards requests
- to a Django application.
+* It always validates incoming HTTP ``Host`` headers against the expected
+ host name.
+* Disallows requests with no ``Host`` header.
+* Is *not* configured with a catch-all virtual host that forwards requests
+ to a Django application.
Additionally, as of 1.3.1, Django requires you to explicitly enable support for
the ``X-Forwarded-Host`` header if your configuration requires it.
Please sign in to comment.
Something went wrong with that request. Please try again.