Refs #26666 -- Added ALLOWED_HOSTS validation when running tests.

Also used ALLOWED_HOSTS to check for external hosts in assertRedirects().
author: Tobias McNulty <tobias@caktusgroup.com> 2016-06-03 15:02:38 -0700
committer: Tim Graham <timograham@gmail.com> 2016-06-20 11:07:46 -0400
commit: 17e661641ddaf8266e7430d83cfb2039abc55df7 (patch)
tree: faab4310a86fed5682ff343efcffc9a9816a2eb3 /docs/ref/settings.txt
parent: 00551c3eff5cedcb9cc7ce5af97b948d62713d97 (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index 01cecd44a4..7b9c8e89fb 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -90,14 +90,18 @@ If the ``Host`` header (or ``X-Forwarded-Host`` if
 list, the :meth:`django.http.HttpRequest.get_host()` method will raise
 :exc:`~django.core.exceptions.SuspiciousOperation`.
 
-When :setting:`DEBUG` is ``True`` or when running tests, host validation is
-disabled; any host will be accepted. Thus it's usually only necessary to set it
-in production.
+When :setting:`DEBUG` is ``True``, host validation is disabled; any host will
+be accepted. ``ALLOWED_HOSTS`` is :ref:`checked when running tests
+<topics-testing-advanced-multiple-hosts>`.
 
 This validation only applies via :meth:`~django.http.HttpRequest.get_host()`;
 if your code accesses the ``Host`` header directly from ``request.META`` you
 are bypassing this security protection.
 
+.. versionchanged:: 1.11
+
+    In older versions, ``ALLOWED_HOSTS`` wasn't checked when running tests.
+
 .. setting:: APPEND_SLASH
 
 ``APPEND_SLASH``
author	Tobias McNulty <tobias@caktusgroup.com>	2016-06-03 15:02:38 -0700
committer	Tim Graham <timograham@gmail.com>	2016-06-20 11:07:46 -0400
commit	17e661641ddaf8266e7430d83cfb2039abc55df7 (patch)
tree	faab4310a86fed5682ff343efcffc9a9816a2eb3 /docs/ref/settings.txt
parent	00551c3eff5cedcb9cc7ce5af97b948d62713d97 (diff)