Changes between Initial Version and Version 1 of Ticket #27506, comment 3


Ignore:
Timestamp:
Nov 22, 2016, 4:09:20 AM (8 years ago)
Author:
Florian Apolloner

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #27506, comment 3

    initial v1  
    1 >  I've noticed that using HttpRequest.build_absolute_uri() might throw DisallowedHost, which looks like an unexpected side effect.
     1  I've noticed that using HttpRequest.build_absolute_uri() might throw DisallowedHost, which looks like an unexpected side effect.
    22
    33I'd call it "works as designed" :D The main idea here is that you need `get_host` and `build_absolute_uri` ''usually'' in cases where you are sending emails or providing redirect urls for other sites/apis. And those are generally the cases where you'd want to ensure that you do not allow invalid hosts. So by default this is an important defense line and should stay on.
Back to Top