diff options
| author | Carl Meyer <carl@oddbird.net> | 2013-02-20 12:26:54 -0700 |
|---|---|---|
| committer | Carl Meyer <carl@oddbird.net> | 2013-02-20 12:28:39 -0700 |
| commit | a57743c9ff904e8c8a90499d9f92bdbd52ff113a (patch) | |
| tree | ec77754c30990b11188042bbbc02c2fdfbe4592d | |
| parent | a6927d821941fa5c25f277479e84e3c32fe005cd (diff) | |
[1.4.x] Note that ALLOWED_HOSTS default changes in Django 1.5.
| -rw-r--r-- | docs/ref/settings.txt | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index 68869f166c..7711240a65 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -118,6 +118,11 @@ This validation only applies via :meth:`~django.http.HttpRequest.get_host()`; if your code accesses the ``Host`` header directly from ``request.META`` you are bypassing this security protection. +The default value of this setting in Django 1.3.6+ is ``['*']`` (accept any +host) in order to avoid breaking backwards-compatibility in a security update, +but in Django 1.5+ the default is ``[]`` and explicitly configuring this +setting is required. + .. setting:: ALLOWED_INCLUDE_ROOTS ALLOWED_INCLUDE_ROOTS |