#19952 closed Bug (invalid)
ALLOWED_HOSTS breaks on subdomains that contain underscores
Reported by: | Owned by: | nobody | |
---|---|---|---|
Component: | Uncategorized | Version: | 1.5 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
I have allowed hosts set to * on a multitenant CMS, for which users get subdomains that are formatted like this: username.portfolios.mysite.com
However, for users with an underscore in their username, the app 500's with a "SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): some_username.portfolios.mysite.com" but works fine for someusername.portfolios.mysite.com
Change History (3)
comment:1 by , 12 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
comment:2 by , 12 years ago
I agree that underscored host names should not be accepted, but the validation is performed even when DEBUG = True
(ie ALLOWED_HOSTS = ["*"]
).
This was annoying because I was using a custom name in /etc/hosts to connect to a test server and it wasn't clear why it had failed (the 500 debug page could not be displayed).
The underscore character is not valid in hostnames (see also explanation in #18517). You can patch
django.http.request.host_validation_re
in your project, but you've been warned that you don't conform to the standard.