ALLOWED_HOSTS allows open access to backend

Equidistant-403 / equidistant

Equidistant is an app to help you and your group get over the decision fatigue of a common meeting place by suggesting great rated places. It works by taking the commute time and what the users want to do as a main criterion to suggest great options for the whole group.

5 stars 0 forks source link

ALLOWED_HOSTS allows open access to backend #42

Open pandabear15 opened 1 year ago

pandabear15 commented 1 year ago

Currently, the settings.py file in #40 sets ALLOWED_HOSTS to be ["*"], which could potentially allow for places other than our designated frontend page to access the backend. We should change this as soon as possible.

jspaniac commented 1 year ago

Same goes for CSRF (not just CORS)