On 11/11/25 08:45, dap1--- via Mailman-users wrote:
Not sure what that means. I would expect to allow any domain to access mailman-web since members can come from anywhere. Isn't that what the '*' means?.ALLOWED_HOSTS = ["*", "localhost", # Archiving API from Mailman, keep it. "127.0.0.1", # "lists.your-domain.org", # Add here all production domains you have. ]
You should not have the "*". The remote host accessing mailman-web does not need to be in ALLOWED_HOSTS. The host that needs to be allowed is the host that is receiving the request.
You should remove the "*" as it's too permissive, and as it says, add any and all host names that external users use to access the system. That's why it's called ALLOWED_HOSTS rather that CLIENTS.
And have you tried logging in using one of those host names rather than localhost?
-- Mark Sapiro <[email protected]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan _______________________________________________ Mailman-users mailing list -- [email protected] To unsubscribe send an email to [email protected] https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/ Archived at: https://lists.mailman3.org/archives/list/[email protected]/message/FRJVGGXDEYAJBG6PZJX2Q5U4QL7DYRZT/ This message sent to [email protected]
