Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

[1.4.x] Note that ALLOWED_HOSTS default changes in Django 1.5.

  • Loading branch information...
commit a57743c9ff904e8c8a90499d9f92bdbd52ff113a 1 parent a6927d8
Carl Meyer authored

Showing 1 changed file with 5 additions and 0 deletions. Show diff stats Hide diff stats

  1. 5  docs/ref/settings.txt
5  docs/ref/settings.txt
@@ -118,6 +118,11 @@ This validation only applies via :meth:`~django.http.HttpRequest.get_host()`;
118 118
 if your code accesses the ``Host`` header directly from ``request.META`` you
119 119
 are bypassing this security protection.
120 120
 
  121
+The default value of this setting in Django 1.3.6+ is ``['*']`` (accept any
  122
+host) in order to avoid breaking backwards-compatibility in a security update,
  123
+but in Django 1.5+ the default is ``[]`` and explicitly configuring this
  124
+setting is required.
  125
+
121 126
 .. setting:: ALLOWED_INCLUDE_ROOTS
122 127
 
123 128
 ALLOWED_INCLUDE_ROOTS

0 notes on commit a57743c

Please sign in to comment.
Something went wrong with that request. Please try again.