[Toaster] [PATCH 1/1] toaster: settings.py , add * to ALLOWED_HOSTS

brian avery brian.avery at intel.com
Tue Nov 1 17:03:57 PDT 2016


As of Django 1.8.16, Django is rejecting any HTTP_HOST header that is
not on the ALLOWED_HOSTS list. We often need to reference the
toaster server via an FQDN, if we start it via webport=0.0.0.0:8000 for
instance, and are hitting the server from a laptop. This change does
reduce the protection from a DNS rebinding attack; however, if you are
running the toaster server outside a protected network, you need to be
using the production instance.

Fixes [YOCTO #10578].

Signed-off-by: brian avery <brian.avery at intel.com>
---
 lib/toaster/toastermain/settings.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/toaster/toastermain/settings.py b/lib/toaster/toastermain/settings.py
index 3dfa2b2..718e809 100644
--- a/lib/toaster/toastermain/settings.py
+++ b/lib/toaster/toastermain/settings.py
@@ -62,7 +62,9 @@ if 'sqlite' in DATABASES['default']['ENGINE']:
 
 # Hosts/domain names that are valid for this site; required if DEBUG is False
 # See https://docs.djangoproject.com/en/1.5/ref/settings/#allowed-hosts
-ALLOWED_HOSTS = []
+# update as of django 1.8.16 release, the '*' is needed to allow us to connect while running
+# on hosts with unknown fqdn. https://docs.djangoproject.com/en/dev/ref/settings/
+ALLOWED_HOSTS = ['localhost','127.0.0.1','::1','*']
 
 # Local time zone for this installation. Choices can be found here:
 # http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
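Review bot: In the new `ALLOWED_HOSTS` line, the trailing `'*'` matches every Host header, so the `'localhost'`, `'127.0.0.1'` and `'::1'` entries in front of it have no effect and Host validation is effectively disabled wherever this settings.py is used. Consider keeping the three loopback entries as the default and taking additional hostnames (or `'*'`) from an environment variable or a local settings override, so the wildcard is an explicit opt-in for the laptop-to-server case described in the commit message. The added comment should also state that `'*'` turns the Host check off, and its link could point at the `#allowed-hosts` anchor the way the existing comment line above it does.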
-- 
1.9.1


