The OriginValidator and AllowedHostsOriginValidator do not currently log anything to stdout/stderr when requests are denied.
API client tools like Insomnia may not set any Origin header when making a websocket request, or users could have their ALLOWED_HOSTS misconfigured, resulting in this output:
No information is given for why the request was rejected.
The OriginValidator could output an exception to stderr or another logger similar to its HTTP counter-part django.core.exceptions.DisallowedHost. This would result in friendlier output, e.g.:
WebSocket HANDSHAKING /ws/echo/ [172.20.0.1:51624]
> Invalid Origin header: 'example.com:8621'. You may need to add 'example.com' to ALLOWED_HOSTS.
WebSocket REJECT /ws/echo/ [172.20.0.1:51624]
WebSocket DISCONNECT /ws/echo/ [172.20.0.1:51624]
The OriginValidator and
AllowedHostsOriginValidator
do not currently log anything tostdout
/stderr
when requests are denied.API client tools like Insomnia may not set any
Origin
header when making a websocket request, or users could have theirALLOWED_HOSTS
misconfigured, resulting in this output:No information is given for why the request was rejected.
The
OriginValidator
could output an exception tostderr
or another logger similar to its HTTP counter-partdjango.core.exceptions.DisallowedHost
. This would result in friendlier output, e.g.: