Django dynamic host helps you validate hostname(origin of client) trying to reach your application dynamically. Django dynamic host helps by-pass the ALLOWED_HOST settings which is restricted to a constant manually added value of hostnames
For example, let's say you are building a distributed system where a number of dynamically registered (domain stored in database) frontend domain consumes your api. It may become difficult adding them manually to ALLOWED_HOST list or creating different settings file for each. well that is where this library comes in handy. What you can do in this case is simple.
- install the library
pip install django-dynamic-host
-
add library to INSTALLED_APP and add AllowedHostMiddleWare to middleware. You should add the this middleware to the highest
INSTALLED_APPS= [ ... "dynamic_host", ] # notice middleware sits at the top... MIDDLEWARE = [ "dynamic_host.middleware.AllowedHostMiddleWare", ... ] -
disable allowed host by adding a
*to ALLOWED_HOST in settings "this is so django-dynamic-host middleware can take responsibility for allowed_host "ALLOWED_HOST=['*'] -
write a simple resolver function that takes in host, request and extra kwargs just in case
def some_function(host, request,**kwargs):
"""
add some logic to check domain in database
or some inmemory database system... this is
totally up to you
"""
if cache.exists(host):
return True
elif Model.objects.filter(domain=host).exists():
save_to_cache(host)
return True
return False
- add path the function from settings.py like so
DYNAMIC_HOST_RESOLVER_FUNC="path.to.func"
First, install the app with your favorite package manager, e.g.:
pip install django-dynamic-host
Then configure your Django to use the app:
-
Add
'dynamic_host'to yourINSTALLED_APPSsetting. -
Add
'dynamic_host.middleware.AllowedHostMiddleWare'to the beginning of yourMIDDLEWAREsetting. -
DISABLE
'ALLOWED_HOST'by setting it to'['*']'in settings.py so the middleware takes responsibility of checking if host is valid. -
Create a new module containing your resolver function, e.g. in the
resolver.pyin any package/directory. -
Set the
DYNAMIC_HOST_RESOLVER_FUNCsetting to the dotted Python import path of the module containing your resolver functionDYNAMIC_HOST_RESOLVER_FUNC = 'path.to.resolver' -
Set the
DYNAMIC_HOST_RESOLVER_FUNCsetting to the PATH of the above function
repository on Github: https://github.com/goodnewsj62/django-dynamic-host
DYNAMIC_HOST_DEFAULT_HOSTS:
To add a number of host manually(like you do with ALLOWED_HOST): Assign the list of default allowed hosts to DYNAMIC_HOST_DEFAULT_HOSTS in your settings.py.
Note: This does not stop host not listed in DYNAMIC_HOST_DEFAULT_HOSTS from be validated via the resolver_func. Once django dynamic host finds the incoming host in this list it just allows it and doesn't go future in calling the resolver_func.
DYNAMIC_HOST_ALLOW_ALL:
Although it is not recommended to open up to all host, but in some test cases or during development you may want to do so. Setting DYNAMIC_HOST_ALLOW_ALL to True opens your backend to all hosts
DYNAMIC_HOST_ALLOW_SITES: Settings this value to True makes django dynamic host aware of you adding contrib.sites to your installed app. that way sites created via the sites model is automatically allowed.
DYNAMIC_HOST_RESOLVER_FUNC: This holds the string path to your resolver function. this function should return a boolean value. If value is True then the domain is allowed else it is disallowed.
AllowedHostMiddleWare SHOULD ALWAYS SIT AT THE TOP AS IT'S JOB IS TO FIRST OF ALL VALIDATE IF AN INCOMING REQUEST FROM A HOST SHOULD BE ALLOWED TO GAIN ACCESS TO RESOURCE