mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-02 18:13:02 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Refs #26666 -- Added ALLOWED_HOSTS validation when running tests.

Browse source 
Also used ALLOWED_HOSTS to check for external hosts in assertRedirects().
This commit is contained in:
Tobias McNulty 2016-06-03 15:02:38 -07:00 committed by Tim Graham
parent 00551c3eff
commit 17e661641d
11 changed files with 105 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

10
docs/ref/settings.txt
View file

@ -90,14 +90,18 @@ If the ``Host`` header (or ``X-Forwarded-Host`` if
list, the :meth:`django.http.HttpRequest.get_host()` method will raise
:exc:`~django.core.exceptions.SuspiciousOperation`.
When :setting:`DEBUG` is ``True`` or when running tests, host validation is
disabled; any host will be accepted. Thus it's usually only necessary to set it
in production.
When :setting:`DEBUG` is ``True``, host validation is disabled; any host will
be accepted. ``ALLOWED_HOSTS`` is :ref:`checked when running tests
<topics-testing-advanced-multiple-hosts>`.
This validation only applies via :meth:`~django.http.HttpRequest.get_host()`;
if your code accesses the ``Host`` header directly from ``request.META`` you
are bypassing this security protection.
.. versionchanged:: 1.11
In older versions, ``ALLOWED_HOSTS`` wasn't checked when running tests.
.. setting:: APPEND_SLASH
``APPEND_SLASH``