#35458: Docs: clarify need for ALLOWED_HOSTS
------------------------------------+--------------------------------------
     Reporter:  Klaas van Schelven  |                    Owner:  nobody
         Type:  Uncategorized       |                   Status:  closed
    Component:  Documentation       |                  Version:  5.0
     Severity:  Normal              |               Resolution:  needsinfo
     Keywords:                      |             Triage Stage:  Unreviewed
    Has patch:  0                   |      Needs documentation:  0
  Needs tests:  0                   |  Patch needs improvement:  0
Easy pickings:  0                   |                    UI/UX:  0
------------------------------------+--------------------------------------
Changes (by Sarah Boyce):

 * component:  Uncategorized => Documentation
 * resolution:   => needsinfo
 * status:  new => closed

Comment:

 I believe the [https://docs.djangoproject.com/en/5.0/releases/1.4.4/#host-header-poisoning Django 1.4.4 release notes] give more context.

 I think you're suggesting that Django should recommend or imply having `ALLOWED_HOSTS` as `["*"]` is safe. You should discuss this on the [https://forum.djangoproject.com/c/internals/5 Django forum] and state why this should be updated/allowed.

 As this relates to security, we need very strong consensus and evidence that this is safe before we can make an update. The security team may also want to review such an update. During this discussion you might conclude to add some doc clarifications.

 I am closing this request for now but if after a discussion you have a concrete proposal, please reopen the ticket for consideration.

--
Ticket URL: <https://code.djangoproject.com/ticket/35458#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.