freedomofpress / securethenews

An automated scanner and web dashboard for tracking TLS deployment across news organizations
https://securethe.news
GNU Affero General Public License v3.0
100 stars 25 forks

Includes ALLOWED_HOSTS config in settings/production.py #45

conorsch closed 7 years ago

conorsch commented 7 years ago

For production deployments, Django validates the Host header in requests and checks it against a list of permitted hosts, e.g. FQDNs. Let's read those in from an environment variable. Declaration of the environment variable is required, otherwise the split() call will fail. This is intentional.

Also adding optional support for CSRF_TRUSTED_ORIGINS, again only in prod settings.

Closes #38.
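The fail-closed loading described in the comment above, as an added example that is not the project's own code or part of the PR. The environment variable names and helper functions are hypothetical, and `host_is_allowed` is a simplified version of Django's documented `ALLOWED_HOSTS` matching, included to show which Host headers the resulting list accepts.

```python
"""Fail-closed loading of host settings from the environment (added example)."""

# Hypothetical variable names; the page does not say which names the PR uses.
HOSTS_VAR = "DJANGO_ALLOWED_HOSTS"
ORIGINS_VAR = "DJANGO_CSRF_TRUSTED_ORIGINS"


def split_csv(raw):
    """Split a comma-separated value, dropping whitespace and empty items."""
    return [item.strip() for item in raw.split(",") if item.strip()]


def load_host_settings(environ):
    """Return the production host settings, refusing to start without hosts."""
    raw_hosts = environ.get(HOSTS_VAR)
    if raw_hosts is None:
        raise RuntimeError(f"{HOSTS_VAR} must be set for production")
    hosts = split_csv(raw_hosts)
    if not hosts or "*" in hosts:
        # Empty rejects every request; "*" turns Host header validation off.
        raise RuntimeError(f"{HOSTS_VAR} must list explicit hostnames")
    settings = {"ALLOWED_HOSTS": hosts}
    raw_origins = environ.get(ORIGINS_VAR)
    if raw_origins:  # optional, as in the PR description
        settings["CSRF_TRUSTED_ORIGINS"] = split_csv(raw_origins)
    return settings


def host_is_allowed(host, allowed_hosts):
    """Simplified ALLOWED_HOSTS matching (port stripped, no IPv6 literals)."""
    host = host.lower().partition(":")[0]
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern.startswith("."):
            # A leading dot matches the domain itself and any subdomain.
            if host == pattern[1:] or host.endswith(pattern):
                return True
        elif host == pattern:
            return True
    return False


if __name__ == "__main__":
    env = {HOSTS_VAR: "securethe.news, .example.org"}  # constructed sample
    conf = load_host_settings(env)
    for header in ("securethe.news", "www.example.org:443", "unlisted.test"):
        print(header, host_is_allowed(header, conf["ALLOWED_HOSTS"]))
```

In a settings module the loader would be called with `os.environ`, so a missing variable stops the process at import time instead of serving requests with an unvalidated Host header.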

msheiny commented 7 years ago

I'm going to go ahead and merge this change; it only affects the production settings code and we can't really deploy without it.