#19867: get_host shouldn't apply validation to server-set values -----------------------------------+------------------------------------ Reporter: anonymous | Owner: nobody Type: Bug | Status: closed Component: HTTP handling | Version: 1.4 Severity: Normal | Resolution: wontfix Keywords: get_host security | Triage Stage: Accepted Has patch: 1 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 0 | UI/UX: 0 -----------------------------------+------------------------------------
Comment (by apollo13): Independent of security vulnerabilities or not, Django relies on the value of get_host for URL reconstruction, so having only a SERVER_NAME as unix socket and no HOST header will break redirects anyways… -- Ticket URL: <https://code.djangoproject.com/ticket/19867#comment:6> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.