[Toaster] [PATCH 0/1] toaster: set ALLOWED_HOSTS to *
Brian Avery
avery.brian at gmail.com
Wed Nov 2 12:39:17 PDT 2016
This is V2; bad subject line :(.
-b
an intel employee
On Wed, Nov 2, 2016 at 12:33 PM, brian avery <brian.avery at intel.com> wrote:
> Django 1.8.16 now enforces ALOWED_HOSTS even if DEBUG is true. Therefore,
> we need to set the value to '*' to allow us to connect to a toaster
> instance
> from off server. It is also needed to allow connection to the toaster
> instance
> in certain kinds of containers.
>
> Since the non localhost interface is only bound to if we explicitly start
> toaster
> with webport=0.0.0.0:<port>, this change will not expose additional
> vulnerablilities.
>
> -Brian
>
> The following changes since commit c3d2df883a9d6d5036277114339673
> 656d89a728:
>
> oeqa/selftest/kernel.py: Add new file destined for kernel related tests
> (2016-11-01 10:05:46 +0000)
>
> are available in the git repository at:
>
> git://git.yoctoproject.org/poky-contrib bavery/toaster/fixALLOWED_
> HOSTexclusionV2
> http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=
> bavery/toaster/fixALLOWED_HOSTexclusionV2
>
> brian avery (1):
> toaster: settings.py , set ALLOWED_HOSTS to *
>
> lib/toaster/toastermain/settings.py | 16 +++++++++++++---
> 1 file changed, 13 insertions(+), 3 deletions(-)
>
> --
> 1.9.1
> --
> _______________________________________________
> toaster mailing list
> toaster at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/toaster
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/toaster/attachments/20161102/370246fe/attachment.html>
More information about the toaster
mailing list