#29606: Validate the type of ALLOWED_HOSTS to prevent possible issues and wasted time
-------------------------------------+-------------------------------------
               Reporter:  rafis                 |          Owner:  nobody
                   Type:  New feature           |         Status:  new
              Component:  Core (System checks)  |        Version:  2.0
               Severity:  Normal                |       Keywords:  allowed_hosts
           Triage Stage:  Unreviewed            |      Has patch:  0
    Needs documentation:  0                     |    Needs tests:  0
Patch needs improvement:  0                     |  Easy pickings:  1
                  UI/UX:  0                     |
-------------------------------------+-------------------------------------
 Python has soft behavior for conducting the iteration process over lists and
 over strings, making them look the same:

 {{{#!python
 for char_or_item in str_or_list:
     # `char_or_item` can be a character or a list item
     pass
 }}}

 It would be better if it had stricter behavior, for example,

 {{{#!python
 for char in some_str.chars():
     # now `char` can be only of string type and the `list` class would not have a `chars` method
     pass
 }}}

 and for list

 {{{#!python
 for item in some_list.list_items():
     # the `string` class would not have a `list_items` method
     pass
 }}}

 This soft behavior usually leads to many nasty bugs appearing. Two software
 engineers from our team wasted about 1 hour debugging an issue with
 ALLOWED_HOSTS being initialized with a string in `local_settings.py`, which is
 included at the end of `settings.py`. Django was matching each separate
 character of the ALLOWED_HOSTS string against the "Host:" header from an
 incoming HTTP request.
 An obvious self-suggesting solution is to add a new system check that will
 check the type of ALLOWED_HOSTS, whether it is a string or not, and notify the
 developer about possible improper configuration. I think blacklist checking
 (string or not) is more appropriate here, but I can be wrong.

--
Ticket URL: <https://code.djangoproject.com/ticket/29606>
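The check proposed in this ticket, as an added example that is not part of the original report and not Django's own code. `same_domain` and `host_allowed` are simplified stand-ins for host matching, `check_allowed_hosts_type` is a hypothetical name, and the hostnames are constructed.

```python
"""Added example: blacklist-style type check for ALLOWED_HOSTS."""


def same_domain(host, pattern):
    # Simplified stand-in for host matching: a leading dot matches the
    # domain and its subdomains, anything else must match exactly.
    pattern = pattern.lower()
    if pattern.startswith("."):
        return host.endswith(pattern) or host == pattern[1:]
    return pattern == host


def host_allowed(host, allowed_hosts):
    # Iterating a str yields single characters, which is the behavior
    # the ticket describes: each character is treated as a pattern.
    return any(p == "*" or same_domain(host, p) for p in allowed_hosts)


def check_allowed_hosts_type(allowed_hosts):
    """Return a list of error messages; empty when the type is acceptable.

    Blacklist approach from the ticket: reject str, accept any other
    iterable such as a list or tuple.
    """
    if isinstance(allowed_hosts, str):
        return [
            "ALLOWED_HOSTS is a str and would be matched one character "
            "at a time. Use a list, e.g. [%r]." % allowed_hosts
        ]
    return []


# Constructed sample settings values (hypothetical hostnames).
AS_STRING = "www.example.com"
AS_LIST = ["www.example.com"]

if __name__ == "__main__":
    for value in (AS_STRING, AS_LIST, "*.example.com"):
        print(repr(value), "->", check_allowed_hosts_type(value) or "OK")
    # The intended host is rejected when the setting is a string ...
    print(host_allowed("www.example.com", AS_STRING))  # False
    print(host_allowed("www.example.com", AS_LIST))    # True
    # ... while a string containing "*" lets any host through.
    print(host_allowed("other.test", "*.example.com"))  # True
```

The misconfiguration can fail in either direction, which is why the check looks at the type rather than at the outcome of a single request.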