Add TRUSTED_HOSTS config. In Flask.create_url_adapter, which is called when creating a RequestContext, set request.trusted_hosts to the config. Call get_host with the config, and assign it to request.host to pre-cache the property.
I considered making flask.Request.trusted_hosts a property, so that setting it would trigger validation again automatically. I'm not confident this difference in behavior from Werkzeug, where only accessing request.host triggers validation, would be good. If it's a good idea, it can be done in Werkzeug.
Add
TRUSTED_HOSTSconfig. InFlask.create_url_adapter, which is called when creating aRequestContext, setrequest.trusted_hoststo the config. Callget_hostwith the config, and assign it torequest.hostto pre-cache the property.I considered making
flask.Request.trusted_hostsa property, so that setting it would trigger validation again automatically. I'm not confident this difference in behavior from Werkzeug, where only accessingrequest.hosttriggers validation, would be good. If it's a good idea, it can be done in Werkzeug.fixes #5636