To prevent Host header poisoning: https://www.djangoproject.com/weblog/2013/feb/19/security/#s-issue-host-header-poisoning

On 1/5/17, Antonis Christofides <[email protected]> wrote:
> If Django is listening at http://mydjangoproject.com/, then the web server is
> normally configured to proxy pass mydjangoproject.com requests to django. If I
> visit http://server_ip_address/ or
> http://another_domain_that_points_to_the_same_server/, nginx/Apache should
> normally not proxy pass the request to Django.
>
> So I was wondering: why was the seemingly superfluous ALLOWED_HOSTS added to
> Django? What is its use case?
>
> Thanks!
>
> Antonis
>
> --
> Antonis Christofides
> http://djangodeployment.com
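
An added example, not part of the original thread and not Django's own code: a standalone sketch of the application-side check that ALLOWED_HOSTS provides, for the case where the front-end server forwards the Host header unchecked. The function names and sample hosts are hypothetical; the pattern rules (exact name, leading dot for subdomains, `*` for any) follow the documented ALLOWED_HOSTS semantics.

```python
import re

# Constructed sample configuration for the site named in the thread.
ALLOWED = ["mydjangoproject.com", ".mydjangoproject.com"]

# A host name or bracketed IPv6 literal, optionally followed by a port.
HOST_RE = re.compile(r"([a-z0-9.-]+|\[[a-f0-9:.]+\])(:\d+)?")


def host_name(header):
    """Return the lower-cased host without port, or None if malformed."""
    m = HOST_RE.fullmatch(header.strip().lower())
    if m is None:
        return None  # rejects '@', '/', spaces and other URL tricks
    name = m.group(1)
    return name[:-1] if name.endswith(".") else name  # drop trailing dot


def host_allowed(header, allowed_hosts):
    """True only if the Host header matches one of the allowed patterns."""
    name = host_name(header)
    if name is None:
        return False
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern == "*" or pattern == name:
            return True
        # ".example.com" matches example.com and any of its subdomains.
        if pattern.startswith(".") and (
            name == pattern[1:] or name.endswith(pattern)
        ):
            return True
    return False


def reset_link(host_header, token, allowed_hosts):
    """Build an absolute URL from the request's Host, as e-mail links do.

    Without the check, whatever Host the client sent would end up in the
    link mailed to the user; with it, the request is refused instead.
    """
    if not host_allowed(host_header, allowed_hosts):
        raise ValueError("untrusted Host header: %r" % host_header)
    return "https://%s/reset/%s/" % (host_header.strip(), token)
```
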

