summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoshua Pereyda <jtpereyda@users.noreply.github.com>2016-03-29 10:37:28 -0700
committerTim Graham <timograham@gmail.com>2016-04-04 11:08:12 -0400
commitf8b31dfdfc0cf6a516bcbc10c4e2f696ce3a9bda (patch)
tree70e961745c33e478bb9758533f9ea5fb15ce3776
parent99bb7fcc1859615a7b8c2468e7b97d54853bfb10 (diff)
Fixed #26419 -- Added a link in ALLOWED_HOSTS docs.
-rw-r--r--docs/ref/settings.txt5
1 files changed, 2 insertions, 3 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index 8aa702779a..010e942e43 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -65,9 +65,8 @@ See :doc:`/howto/error-reporting` for more information.
Default: ``[]`` (Empty list)
A list of strings representing the host/domain names that this Django site can
-serve. This is a security measure to prevent an attacker from poisoning caches
-and triggering password reset emails with links to malicious hosts by submitting
-requests with a fake HTTP ``Host`` header, which is possible even under many
+serve. This is a security measure to prevent :ref:`HTTP Host header attacks
+<host-headers-virtual-hosting>`, which are possible even under many
seemingly-safe web server configurations.
Values in this list can be fully qualified names (e.g. ``'www.example.com'``),