[Toaster] [PATCH 0/1] toaster: add * to ALLOWED_HOSTS setting
brian avery
brian.avery at intel.com
Tue Nov 1 17:03:55 PDT 2016
As of Django 1.8.16, django is rejecting any HTTP_HOST header that is
not on the ALLOWED_HOST list. We often need to reference the
toaster server via a fqdn, if we start it via webport=0.0.0.0:8000 for
instance, and are hitting the server from a laptop. This change does
reduce the protection from a DNS rebinding attack, however, if you are
running the toaster server outside a protected network, you need to be
using the production instance.
In particular, this prevents the toaster container tests from running as well
as the containers from working as is in the Windows Docker Toolbox case.
-brian
The following changes since commit c3d2df883a9d6d5036277114339673656d89a728:
oeqa/selftest/kernel.py: Add new file destined for kernel related tests (2016-11-01 10:05:46 +0000)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib bavery/toaster/fixALLOWED_HOSTexclusion
http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=bavery/toaster/fixALLOWED_HOSTexclusion
brian avery (1):
toaster: settings.py , add * to ALLOWED_HOSTS
lib/toaster/toastermain/settings.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--
1.9.1
More information about the toaster
mailing list