Added a new required ALLOWED_HOSTS setting for HTTP host header validation.

This is a security fix; disclosure and advisory coming shortly.
author: Carl Meyer <carl@oddbird.net> 2013-02-09 10:17:01 -0700
committer: Carl Meyer <carl@oddbird.net> 2013-02-19 11:23:29 -0700
commit: d51fb74360b94f2a856573174f8aae3cd905dd35 (patch)
tree: c2d663edd49bfe6c09f8f492630f5dd344409ad6 /django/conf/project_template
parent: 1add79bc4007fee658f193b65aea2af2347aab6b (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/django/conf/project_template/project_name/settings.py b/django/conf/project_template/project_name/settings.py
index 8815dc6bc0..d46f327922 100644
--- a/django/conf/project_template/project_name/settings.py
+++ b/django/conf/project_template/project_name/settings.py
@@ -25,6 +25,10 @@ DEBUG = True
 
 TEMPLATE_DEBUG = True
 
+# Hosts/domain names that are valid for this site; required if DEBUG is False
+# See https://docs.djangoproject.com/en/{{ docs_version }}/ref/settings/#allowed-hosts
+ALLOWED_HOSTS = []
+
 
 # Application definition
author	Carl Meyer <carl@oddbird.net>	2013-02-09 10:17:01 -0700
committer	Carl Meyer <carl@oddbird.net>	2013-02-19 11:23:29 -0700
commit	d51fb74360b94f2a856573174f8aae3cd905dd35 (patch)
tree	c2d663edd49bfe6c09f8f492630f5dd344409ad6 /django/conf/project_template
parent	1add79bc4007fee658f193b65aea2af2347aab6b (diff)