#19952 closed Bug (invalid)
ALLOWED_HOSTS breaks on subdomains that contain underscores
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | Uncategorized | Version: | 1.5 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
I have allowed hosts set to * on a multitenant CMS, for which users get subdomains that are formatted like this: username.portfolios.mysite.com
However, for users with an underscore in their username, the app 500's with a "SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): some_username.portfolios.mysite.com" but works fine for someusername.portfolios.mysite.com
Change History (3)
comment:1 by , 11 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
comment:2 by , 11 years ago
I agree that underscored host names should not be accepted, but the validation is performed even when DEBUG = True (ie ALLOWED_HOSTS = ["*"]).
This was annoying because I was using a custom name in /etc/hosts to connect to a test server and it wasn't clear why it had failed (the 500 debug page could not be displayed).
Note:
See TracTickets
for help on using tickets.
The underscore character is not valid in hostnames (see also explanation in #18517). You can patch
django.http.request.host_validation_rein your project, but you've been warned that you don't conform to the standard.