On Jan 26, 6:56 pm, FeatherDark <msensei...@gmail.com> wrote: > Greetings huge django developer list, > I just wanted to mention, this method totally works for me, I call it > "Skinning" > > In the templates folder I have a file called "base.html' > Inside that file is only 1 line: > {% extends request.META.HTTP_HOST|cut:':'|add:'.html'%}
request.META.HTTP_HOST is coming from Client. "Trust but verify", you are not verifying this. It could pose a security risk. One could send a request with malicious Host header and make the site retrieve different template. This is not a serious issue, since you probably don't have templates that would wreak havoc. Why don't you create own template context processor that would add the verified HTTP_HOST to template context? Then you could do just {% extend MY_VERIFIED_HTTP_HOST %} See: http://docs.djangoproject.com/en/dev/ref/request-response/#django.http.HttpRequest.META http://docs.djangoproject.com/en/dev/ref/templates/api/#writing-your-own-context-processors -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.