diff options
| author | Joshua Pereyda <jtpereyda@users.noreply.github.com> | 2016-03-29 10:37:28 -0700 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2016-04-04 11:08:12 -0400 |
| commit | f8b31dfdfc0cf6a516bcbc10c4e2f696ce3a9bda (patch) | |
| tree | 70e961745c33e478bb9758533f9ea5fb15ce3776 | |
| parent | 99bb7fcc1859615a7b8c2468e7b97d54853bfb10 (diff) | |
Fixed #26419 -- Added a link in ALLOWED_HOSTS docs.
| -rw-r--r-- | docs/ref/settings.txt | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index 8aa702779a..010e942e43 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -65,9 +65,8 @@ See :doc:`/howto/error-reporting` for more information. Default: ``[]`` (Empty list) A list of strings representing the host/domain names that this Django site can -serve. This is a security measure to prevent an attacker from poisoning caches -and triggering password reset emails with links to malicious hosts by submitting -requests with a fake HTTP ``Host`` header, which is possible even under many +serve. This is a security measure to prevent :ref:`HTTP Host header attacks +<host-headers-virtual-hosting>`, which are possible even under many seemingly-safe web server configurations. Values in this list can be fully qualified names (e.g. ``'www.example.com'``), |
