diff options
| author | Carl Meyer <carl@oddbird.net> | 2013-02-20 12:26:54 -0700 |
|---|---|---|
| committer | Carl Meyer <carl@oddbird.net> | 2013-02-20 12:26:54 -0700 |
| commit | 3adfc3f97dc8ac5985a495b1a690b964f48ba208 (patch) | |
| tree | adf5047e2f7ece4de9a92f4aab0ee63fd0760216 | |
| parent | 4cdfb24c9847f89a332742dbc476f189de4989dc (diff) | |
[1.4.x] Note that ALLOWED_HOSTS default changes in Django 1.5.
| -rw-r--r-- | docs/ref/settings.txt | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index f992eef3e7..43aa9b2905 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -104,6 +104,11 @@ This validation only applies via :meth:`~django.http.HttpRequest.get_host()`; if your code accesses the ``Host`` header directly from ``request.META`` you are bypassing this security protection. +The default value of this setting in Django 1.4.4+ is ``['*']`` (accept any +host) in order to avoid breaking backwards-compatibility in a security update, +but in Django 1.5+ the default is ``[]`` and explicitly configuring this +setting is required. + .. setting:: ALLOWED_INCLUDE_ROOTS ALLOWED_INCLUDE_ROOTS |