Adjust ALLOWED_HOSTS help comment message

nkiryanov · nkiryanov · commit b6006182d506 · 2025-04-26T15:40:40.000+03:00
diff --git a/{{ cookiecutter.name }}/src/app/conf/http.py b/{{ cookiecutter.name }}/src/app/conf/http.py
@@ -1,7 +1,7 @@
 from app.conf.environ import env
 
 
-ALLOWED_HOSTS = ["*"]  # host validation is not necessary in 2020+
+ALLOWED_HOSTS = ["*"]  # Warning: Wildcard disables Host validation. Don't rely on Host header with this setting.
 CSRF_TRUSTED_ORIGINS = [
     "http://your.app.origin",
 ]

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`from app.conf.environ import env`
`2`	`2`
`3`	`3`
`4`		`-ALLOWED_HOSTS = ["*"] # host validation is not necessary in 2020+`
	`4`	`+ALLOWED_HOSTS = ["*"] # Warning: Wildcard disables Host validation. Don't rely on Host header with this setting.`
`5`	`5`	`CSRF_TRUSTED_ORIGINS = [`
`6`	`6`	`"http://your.app.origin",`
`7`	`7`	`]`