summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--docs/ref/settings.txt5
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index f992eef3e7..43aa9b2905 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -104,6 +104,11 @@ This validation only applies via :meth:`~django.http.HttpRequest.get_host()`;
if your code accesses the ``Host`` header directly from ``request.META`` you
are bypassing this security protection.
+The default value of this setting in Django 1.4.4+ is ``['*']`` (accept any
+host) in order to avoid breaking backwards-compatibility in a security update,
+but in Django 1.5+ the default is ``[]`` and explicitly configuring this
+setting is required.
+
.. setting:: ALLOWED_INCLUDE_ROOTS
ALLOWED_INCLUDE_ROOTS
generated by cgit v1.3 (git 2.53.0) at 2026-05-01 20:27:08 +0000