Context Navigation

← Previous Ticket
Next Ticket →

#31010 closed New feature (fixed)

Add subdomains of localhost to ALLOWED_HOSTS in DEBUG mode

Reported by:	thenewguy	Owned by:	thenewguy
Component:	HTTP handling	Version:	dev
Severity:	Normal	Keywords:
Cc:		Triage Stage:	Ready for checkin
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	no
Easy pickings:	yes	UI/UX:	no

Description (last modified by thenewguy)

It would minimize configuration for new projects if ALLOWED_HOSTS += .localhost when DEBUG=True

Chrome resolves *.localhost to localhost without modifying any host files or DNS

Referencing the project this way makes it easy to test subdomains -> static.localhost, uploads.localhost, www.localhost, etc

---
Updated
---

Conversation on developer mailing list resulted in decision to reopen and accept ticket. The conversation turned up that this behavior is spec compliant per https://tools.ietf.org/html/rfc6761#section-6.3

Change History (9)

comment:1 by Carlton Gibson, 4 years ago

Resolution:	→ needsinfo
Status:	new → closed

Interesting. Currently we have, in HttpRequest.get_host():

        # Allow variants of localhost if ALLOWED_HOSTS is empty and DEBUG=True.
        allowed_hosts = settings.ALLOWED_HOSTS
        if settings.DEBUG and not allowed_hosts:
            allowed_hosts = ['localhost', '127.0.0.1', '[::1]']

Can I ask you to post to the DevelopersMailingList to canvas opinion? Assuming no blockers are raised it seems reasonable enough... (Reopen if accepted there.)

Last edited 4 years ago by Carlton Gibson (previous) (diff)

comment:2 by thenewguy, 4 years ago

For reference, the conversation chain has been started: https://groups.google.com/forum/#!topic/django-developers/xcoAF9Gm_dI

comment:3 by thenewguy, 4 years ago

Description:	modified (diff)
Easy pickings:	set
Resolution:	needsinfo
Status:	closed → new
Triage Stage:	Unreviewed → Accepted

comment:4 by thenewguy, 4 years ago

Has patch:	set
Owner:	changed from nobody to thenewguy
Status:	new → assigned

PR submitted https://github.com/django/django/pull/12132

comment:5 by thenewguy, 4 years ago

Triage Stage:	Accepted → Ready for checkin

comment:6 by Simon Charette, 4 years ago

Needs tests:	set
Patch needs improvement:	set
Triage Stage:	Ready for checkin → Accepted

Hey there, thanks for your PR! Please don't mark your own patch Ready for Checking, someone else has to review it and mark it accordingly. I left come comments for improvements on the PR.

comment:7 by Mariusz Felisiak, 4 years ago

Type:	Uncategorized → New feature

comment:8 by Mariusz Felisiak, 4 years ago

Component:	Uncategorized → HTTP handling
Needs tests:	unset
Patch needs improvement:	unset
Triage Stage:	Accepted → Ready for checkin
Version:	2.2 → master

comment:9 by Mariusz Felisiak <felisiak.mariusz@…>, 4 years ago

Resolution:	→ fixed
Status:	assigned → closed

In adb9661:

Fixed #31010 -- Allowed subdomains of localhost in the Host header by default when DEBUG=True.

Note: See TracTickets for help on using tickets.

Download in other formats:

Issues