In settings.py we are setting ALLOWED_HOSTS = ['*'], and there's a line commented out:
#ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS').split(' ') --> Fails because of Django header mismatch
Don't allow * in production; read the allowed host from the ENV. If the headers aren't working, figure out why the nginx conf isn't passing along the right ones and fix it there. This is a config that I have used; remember that the env cannot be used in an nginx conf easily:
Same issue with CSRF_TRUSTED_ORIGINS
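
One way to read both settings from the environment without falling back to `*`, as an added example that is not part of the original issue or the project's code. The helper names and sample values are hypothetical, and `ValueError` stands in for Django's `ImproperlyConfigured` so the block runs without Django installed.

```python
import os
from urllib.parse import urlsplit

# Hypothetical helpers for settings.py (not the project's code). ValueError
# stands in for django.core.exceptions.ImproperlyConfigured.


def hosts_from_env(name, environ=os.environ):
    """Space-separated host names; fails closed instead of defaulting to '*'."""
    # .get() returns None for a missing variable, so default to "" before split().
    hosts = (environ.get(name) or "").split()
    if not hosts:
        raise ValueError(f"{name} is unset or empty")
    for host in hosts:
        if host == "*":
            raise ValueError(f"{name} must not contain the '*' wildcard")
        if "/" in host:
            raise ValueError(f"{name} entry {host!r} must be a host name, not a URL")
    return hosts


def origins_from_env(name, environ=os.environ):
    """Space-separated origins; Django 4.0+ requires each to carry a scheme."""
    origins = (environ.get(name) or "").split()
    for origin in origins:
        parts = urlsplit(origin)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            raise ValueError(f"{name} entry {origin!r} needs an http(s):// scheme")
        if parts.netloc == "*" or parts.path or parts.query:
            raise ValueError(f"{name} entry {origin!r} must be scheme://host only")
    return origins


if __name__ == "__main__":
    # Constructed sample environment; in settings.py you would call
    #   ALLOWED_HOSTS = hosts_from_env("ALLOWED_HOSTS")
    #   CSRF_TRUSTED_ORIGINS = origins_from_env("CSRF_TRUSTED_ORIGINS")
    sample = {
        "ALLOWED_HOSTS": "example.com www.example.com",
        "CSRF_TRUSTED_ORIGINS": "https://example.com https://www.example.com",
    }
    print(hosts_from_env("ALLOWED_HOSTS", sample))
    print(origins_from_env("CSRF_TRUSTED_ORIGINS", sample))
```

Failing at startup on a missing or wildcard value keeps a misconfigured deployment from silently accepting any Host header.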