mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-06-05 11:39:13 +00:00
Code Issues 32 Releases Wiki Activity

Formatting fix for host headers section

Browse Source
This commit is contained in:
David Fischer 2012-09-06 16:10:08 -04:00
parent c65100248d
commit 58786897a1
No known key found for this signature in database
GPG Key ID: F0C9B0ADA737AB60
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/topics/security.txt
View File

@ -176,11 +176,11 @@ Site Scripting attacks, they can be used for Cross-Site Request
Forgery and cache poisoning attacks in some circumstances. We Forgery and cache poisoning attacks in some circumstances. We
recommend you ensure your Web server is configured such that: recommend you ensure your Web server is configured such that:
* It always validates incoming HTTP ``Host`` headers against the expected * It always validates incoming HTTP ``Host`` headers against the expected
host name. host name.
* Disallows requests with no ``Host`` header. * Disallows requests with no ``Host`` header.
* Is *not* configured with a catch-all virtual host that forwards requests * Is *not* configured with a catch-all virtual host that forwards requests
to a Django application. to a Django application.
Additionally, as of 1.3.1, Django requires you to explicitly enable support for Additionally, as of 1.3.1, Django requires you to explicitly enable support for
the ``X-Forwarded-Host`` header if your configuration requires it. the ``X-Forwarded-Host`` header if your configuration requires it.