From: Stephen Finucane <stephen@that.guru>
Date: Tue, 7 Feb 2017 21:47:16 +0000 (+0000)
Subject: settings: Wildcard 'ALLOWED_HOSTS' settings
X-Git-Tag: v2.0.0-rc1~87
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c7b68a782f53cf177d659f0537a36923df95f3f0;p=thirdparty%2Fpatchwork.git

settings: Wildcard 'ALLOWED_HOSTS' settings

Django 1.10.3, 1.9.11 and 1.8.16 changed default behavior for
ALLOWED_HOSTS to prevent DNS rebinding attacks [1]. Unfortunately this
also means we can't access the development Docker or Vagrant installs
by IP address. Sidestep the issue by wildcarding the 'ALLOWED_HOSTS'
setting for development, thus allowing connections from any IP.

[1] https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts

Signed-off-by: Stephen Finucane <stephen@that.guru>
Reviewed-by: Daniel Axtens <dja@axtens.net>
---

diff --git a/patchwork/settings/dev.py b/patchwork/settings/dev.py
index a084d6a1..ee5b203d 100644
--- a/patchwork/settings/dev.py
+++ b/patchwork/settings/dev.py
@@ -18,6 +18,9 @@ from .base import *  # noqa
 # https://docs.djangoproject.com/en/1.8/ref/settings/#core-settings
 #
 
+
+ALLOWED_HOSTS = ['*']
+
 SECRET_KEY = '00000000000000000000000000000000000000000000000000'  # noqa
 
 DEBUG = True