mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-06-05 03:29:12 +00:00
Code Issues 32 Releases Wiki Activity

[1.4.x] Note that ALLOWED_HOSTS default changes in Django 1.5.

Browse Source
This commit is contained in:
Carl Meyer 2013-02-20 12:26:54 -07:00
parent 4cdfb24c98
commit 3adfc3f97d
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/ref/settings.txt
View File

@ -104,6 +104,11 @@ This validation only applies via :meth:`~django.http.HttpRequest.get_host()`;
if your code accesses the ``Host`` header directly from ``request.META`` you if your code accesses the ``Host`` header directly from ``request.META`` you
are bypassing this security protection. are bypassing this security protection.
The default value of this setting in Django 1.4.4+ is ``['*']`` (accept any
host) in order to avoid breaking backwards-compatibility in a security update,
but in Django 1.5+ the default is ``[]`` and explicitly configuring this
setting is required.
.. setting:: ALLOWED_INCLUDE_ROOTS .. setting:: ALLOWED_INCLUDE_ROOTS
ALLOWED_INCLUDE_ROOTS ALLOWED_INCLUDE_ROOTS