mirror of
https://github.com/django/django.git
synced 2025-06-05 11:39:13 +00:00
Formatting fix for host headers section
This commit is contained in:
parent
c65100248d
commit
58786897a1
@ -176,11 +176,11 @@ Site Scripting attacks, they can be used for Cross-Site Request
|
|||||||
Forgery and cache poisoning attacks in some circumstances. We
|
Forgery and cache poisoning attacks in some circumstances. We
|
||||||
recommend you ensure your Web server is configured such that:
|
recommend you ensure your Web server is configured such that:
|
||||||
|
|
||||||
* It always validates incoming HTTP ``Host`` headers against the expected
|
* It always validates incoming HTTP ``Host`` headers against the expected
|
||||||
host name.
|
host name.
|
||||||
* Disallows requests with no ``Host`` header.
|
* Disallows requests with no ``Host`` header.
|
||||||
* Is *not* configured with a catch-all virtual host that forwards requests
|
* Is *not* configured with a catch-all virtual host that forwards requests
|
||||||
to a Django application.
|
to a Django application.
|
||||||
|
|
||||||
Additionally, as of 1.3.1, Django requires you to explicitly enable support for
|
Additionally, as of 1.3.1, Django requires you to explicitly enable support for
|
||||||
the ``X-Forwarded-Host`` header if your configuration requires it.
|
the ``X-Forwarded-Host`` header if your configuration requires it.
|
||||||
|
Loading…
x
Reference in New Issue
Block a user