Django notes: Difference between revisions

From Helpful
Jump to navigation Jump to search
(Created page with "{{stub}} ===Auth=== ===Sessions=== <!-- SessionMiddleware is on by default in projects created via django-admin startproject : In other cases, ensure django.contrib.ses...")
 
Line 33: Line 33:
ALLOWED_HOSTS should contain a list of the host/domain names that this Django site can serve.
ALLOWED_HOSTS should contain a list of the host/domain names that this Django site can serve.


It's empty by default to make you do this explicitly - because it's protection against some exploits based on Host headers.
It's empty when you start a project, to make you do this explicitly and knowingly
 
...because it's protection against some exploits based on Host headers.


See also
See also
* https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
* https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts

Revision as of 16:10, 13 September 2022

This article/section is a stub — some half-sorted notes, not necessarily checked, not necessarily correct. Feel free to ignore, or tell me about it.



Auth

Sessions

Errors

ModuleNotFoundError

If hosting via mod_wsgi, you probably want to add python-path=/path/to/app to your WSGIDaemonProcess line


DisallowedHost at /

ALLOWED_HOSTS should contain a list of the host/domain names that this Django site can serve.

It's empty when you start a project, to make you do this explicitly and knowingly

...because it's protection against some exploits based on Host headers.

See also

Retrieved from "https://helpful.knobs-dials.com/index.php?title=Django_notes&oldid=82951"