On Feb 20, 2013, at 6:25 PM, Ian Kelly wrote:
> On Feb 20, 2013 4:41 PM, "Carl Meyer" wrote:
> > On 02/20/2013 04:25 PM, Nick Phillips wrote:
> > >> There was extensive back-and-forth discussion of this in writing the
> > >> patch. The issue is that in
On Feb 20, 2013 4:41 PM, "Carl Meyer" wrote:
>
> On 02/20/2013 04:25 PM, Nick Phillips wrote:
> >> There was extensive back-and-forth discussion of this in writing the
> >> patch. The issue is that in almost all cases the correct value of the
> >> setting in local development
On 02/20/2013 04:25 PM, Nick Phillips wrote:
>> There was extensive back-and-forth discussion of this in writing the
>> patch. The issue is that in almost all cases the correct value of the
>> setting in local development and under test are different from the
>> correct value in production. So how
On Tue, 2013-02-19 at 15:46 -0700, Carl Meyer wrote:
> Hi Nick,
>
> On 02/19/2013 03:32 PM, Nick Phillips wrote:
> > I don't recall looking at the ALLOWED_HOSTS setting before. Now that I
> > do, it seems rather problematic. In particular, that host verification
> > is apparently turned off while
On 02/20/2013 01:58 AM, Reinout van Rees wrote:
> On 19-02-13 23:32, Nick Phillips wrote:
>> I don't recall looking at the ALLOWED_HOSTS setting before.
>
> Should there be a note in the 1.4 docs that the default ['*'] value is a
> temporary default value? That from 1.5 onwards it will be an
On 19-02-13 23:32, Nick Phillips wrote:
> I don't recall looking at the ALLOWED_HOSTS setting before.
Should there be a note in the 1.4 docs that the default ['*'] value is a
temporary default value? That from 1.5 onwards it will be an empty list?
Hi Nick,
On 02/19/2013 03:32 PM, Nick Phillips wrote:
> I don't recall looking at the ALLOWED_HOSTS setting before. Now that I
> do, it seems rather problematic. In particular, that host verification
> is apparently turned off while DEBUG is True or while testing.
>
> Surely this makes it
On Tue, 2013-02-19 at 14:50 -0600, James Bennett wrote:
> We've issued several security releases today. Details are in the blog
> post:
>
> https://www.djangoproject.com/weblog/2013/feb/19/security/
>
> We recommend everyone carefully read this one, as it has an
> end-user-visible change requiring
We've issued several security releases today. Details are in the blog post:
https://www.djangoproject.com/weblog/2013/feb/19/security/
We recommend everyone carefully read this one, as it has an
end-user-visible change requiring action beyond simply upgrading your
Django package.