webksde / ddev-vscode-devcontainer-drupal-template

Drupal DDEV based development container with attached Visual Studio Code

Set trusted_host_patterns to *.ddev.site in local.settings.php #80

Closed JPustkuchen closed 2 years ago

JPustkuchen commented 2 years ago

admin/reports/status says:

Trusted host settings: Not enabled. The trusted_host_patterns setting is not configured via the settings.php file. This is a security risk. It is strongly recommended to configure the setting. More information on protecting against HTTP Host header attacks is available in the online documentation.

As in local.settings.php we're always in the .ddev.site domain, we could set it to

$settings['trusted_host_patterns'] = array(
  '^ddev\.site$',
  // Anchored at the end so that only hosts ending in .ddev.site match.
  '^.+\.ddev\.site$',
);

JPustkuchen commented 2 years ago

Created a pull request for this: #82

joshsedl commented 2 years ago

Merged.

joshsedl commented 2 years ago

Note that I personally use the internal "https://127.0.0.1:49953" path for ddev, since the ddev URL doesn't work because of my poor DNS settings, but I don't think that's a reason to include local ports...

joshsedl commented 2 years ago

I changed my mind regarding this. Since this repository is only meant for local development, there is no need to have "trusted_host_patterns". Also, if the project is renamed via the custom "ddev rename" command, it is possible that the URL name won't include "ddev" anymore, therefore denying access. Not to mention connecting via localhost.

JPustkuchen commented 2 years ago

Ok, then we'll have to live with the warning in the Drupal Status report, but I think it's OK for dev ;)
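
Added example, not part of the thread or the repository's code: a standalone PHP check of how `.ddev.site` host patterns behave with and without a trailing `$`, and against the loopback address mentioned above. It assumes matching works as in Symfony's `Request::setTrustedHosts()` (each pattern wrapped as a case-insensitive regex, port stripped from the Host header first); `host_is_trusted()`, the loopback patterns and the sample hosts are constructed for illustration.

```php
<?php
// Added example: approximates how trusted host patterns are matched.
// Assumption: each pattern is wrapped as a case-insensitive regex and the
// port is stripped from the Host header before matching.

// Hypothetical helper, not a Drupal or Symfony function.
function host_is_trusted(string $hostHeader, array $patterns): bool {
  $host = strtolower(preg_replace('/:\d+$/', '', trim($hostHeader)));
  foreach ($patterns as $pattern) {
    if (preg_match('{' . $pattern . '}i', $host) === 1) {
      return TRUE;
    }
  }
  return FALSE;
}

// Subdomain pattern without and with the end-of-string anchor.
$unanchored = ['^ddev\.site$', '^.+\.ddev\.site'];
$anchored   = ['^ddev\.site$', '^.+\.ddev\.site$'];
// Assumption: extra entries one could add to keep loopback access working.
$withLoopback = array_merge($anchored, ['^localhost$', '^127\.0\.0\.1$']);

// Constructed sample Host header values.
$hosts = [
  'myproject.ddev.site',
  'myproject.ddev.site:8443',
  'myproject.ddev.site.example.com',  // lookalike: only ends in example.com
  '127.0.0.1:49953',
  'localhost',
];

$verdict = fn (bool $ok): string => $ok ? 'trusted' : 'rejected';

printf("%-34s %-11s %-11s %s\n", 'Host header', 'unanchored', 'anchored', 'with loopback');
foreach ($hosts as $h) {
  printf("%-34s %-11s %-11s %s\n", $h,
    $verdict(host_is_trusted($h, $unanchored)),
    $verdict(host_is_trusted($h, $anchored)),
    $verdict(host_is_trusted($h, $withLoopback)));
}
```

Only the lookalike host differs between the first two columns, and only the loopback entries differ in the third.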