diff options
Diffstat (limited to 'django/http/request.py')
| -rw-r--r-- | django/http/request.py | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/django/http/request.py b/django/http/request.py index 398cf20dfb..c680a39eab 100644 --- a/django/http/request.py +++ b/django/http/request.py @@ -85,12 +85,13 @@ class HttpRequest(object): if server_port != ('443' if self.is_secure() else '80'): host = '%s:%s' % (host, server_port) - # There is no hostname validation when DEBUG=True - if settings.DEBUG: - return host + # Allow variants of localhost if ALLOWED_HOSTS is empty and DEBUG=True. + allowed_hosts = settings.ALLOWED_HOSTS + if settings.DEBUG and not allowed_hosts: + allowed_hosts = ['localhost', '127.0.0.1', '[::1]'] domain, port = split_domain_port(host) - if domain and validate_host(domain, settings.ALLOWED_HOSTS): + if domain and validate_host(domain, allowed_hosts): return host else: msg = "Invalid HTTP_HOST header: %r." % host |