New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ALLOWED_HOSTS configuration #293

avelino opened this Issue Mar 28, 2018 · 0 comments


1 participant

avelino commented Mar 28, 2018

Default: [] (Empty list)

A list of strings representing the host/domain names that this pREST API can serve. This is a security measure to prevent HTTP Host header attacks, which are possible even under many seemingly-safe web server configurations.

Values in this list can be fully qualified names (e.g. ''), in which case they will be matched against the request’s Host header exactly (case-insensitive, not including port). A value beginning with a period can be used as a subdomain wildcard: '' will match,, and any other subdomain of A value of '*' will match anything.

When DEBUG is True and ALLOWED_HOSTS is empty, the host is validated against ['localhost', '', '[::1]'].

Note: We can use this description in the documentation

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment