[1.3.X] Added protection against spoofing of X_FORWARDED_HOST headers. A security announcement will be made shortly.

Backport of r16758 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@16761 bcc190cf-cafb-0310-a4f2-bffc1f526a37
author: Russell Keith-Magee <russell@keith-magee.com> 2011-09-10 01:07:50 +0000
committer: Russell Keith-Magee <russell@keith-magee.com> 2011-09-10 01:07:50 +0000
commit: 2f7fadc38efa58ac0a8f93f936b82332a199f396 (patch)
tree: 7dd728c23aab45ff9f24f03453d8417684cf7ee7 /docs/ref/settings.txt
parent: afe47636f7dbbd18a79148c3c5d14e897a7d66dc (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index 6d69a085d9..175e50818c 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -1960,6 +1960,19 @@ in order to format numbers.
 
 See also :setting:`THOUSAND_SEPARATOR` and :setting:`NUMBER_GROUPING`.
 
+.. setting:: USE_X_FORWARDED_HOST
+
+USE_X_FORWARDED_HOST
+--------------------
+
+.. versionadded:: 1.3.1
+
+Default: ``False``
+
+A boolean that specifies whether to use the X-Forwarded-Host header in
+preference to the Host header. This should only be enabled if a proxy
+which sets this header is in use.
+
 .. setting:: YEAR_MONTH_FORMAT
 
 YEAR_MONTH_FORMAT
author	Russell Keith-Magee <russell@keith-magee.com>	2011-09-10 01:07:50 +0000
committer	Russell Keith-Magee <russell@keith-magee.com>	2011-09-10 01:07:50 +0000
commit	2f7fadc38efa58ac0a8f93f936b82332a199f396 (patch)
tree	7dd728c23aab45ff9f24f03453d8417684cf7ee7 /docs/ref/settings.txt
parent	afe47636f7dbbd18a79148c3c5d14e897a7d66dc (diff)