Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed #26419 -- Rephrased a sentence in ALLOWED_HOSTS docs. #6357

Closed
wants to merge 3 commits into from
Closed

Fixed #26419 -- Rephrased a sentence in ALLOWED_HOSTS docs. #6357

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b29a783
Clarify ALLOWED_HOSTS Purpose; Ticket #26419
jtpereyda Mar 29, 2016
3681a31
Clarify ALLOWED_HOSTS purpose; review updates
jtpereyda Apr 3, 2016
6e95a93
ALLOWED_HOSTS further reword explanation
jtpereyda Apr 3, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
7 changes: 3 additions & 4 deletions docs/ref/settings.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,10 +65,9 @@ See :doc:`/howto/error-reporting` for more information.
Default: ``[]`` (Empty list)

A list of strings representing the host/domain names that this Django site can
serve. This is a security measure to prevent an attacker from poisoning caches
and triggering password reset emails with links to malicious hosts by submitting
requests with a fake HTTP ``Host`` header, which is possible even under many
seemingly-safe web server configurations.
serve. This is a security measure to prevent
:ref:`HTTP Host header attacks <host-headers-virtual-hosting>`, which are
possible even under many seemingly-safe web server configurations.

Values in this list can be fully qualified names (e.g. ``'www.example.com'``),
in which case they will be matched against the request's ``Host`` header
Expand Down