• django DEBUG=False


    在django的settings中. 将DEBUG 设置为False. 会出现

    #python manage.py runserver 8888
    CommandError: You must set settings.ALLOWED_HOSTS if DEBUG is False.

    #####################################################

    提示DEBUG为False时,必须设置settings.ALLOWED_HOSTS .

    ALLOWED_HOSTS = [
        '.example.com',  # Allow domain and subdomains
        '.example.com.',  # Also allow FQDN and subdomains
    ]

    或者您需要设置所有的均可访问.那么可以这样设置.

    ALLOWED_HOSTS = ['*']


    任何用户均可以访问.
    然后再访问下.恢复正常.



    相关django官方文档.
    https://docs.djangoproject.com/en/1.7/ref/settings/
    在此引用一下.
    ALLOWED_HOSTS¶
    
    Default: [] (Empty list)
    
    A list of strings representing the host/domain names that this Django site can serve. This is a security measure to prevent an attacker from poisoning caches and password reset emails with links to malicious hosts by submitting requests with a fake HTTP Host header, which is possible even under many seemingly-safe web server configurations.
    
    Values in this list can be fully qualified names (e.g. 'www.example.com'), in which case they will be matched against the request’s Host header exactly (case-insensitive, not including port). A value beginning with a period can be used as a subdomain wildcard: '.example.com' will match example.com, www.example.com, and any other subdomain of example.com. A value of '*' will match anything; in this case you are responsible to provide your own validation of the Host header (perhaps in a middleware; if so this middleware must be listed first in MIDDLEWARE_CLASSES).
    Changed in Django 1.7:
    
    In previous versions of Django, if you wanted to also allow the fully qualified domain name (FQDN), which some browsers can send in the Host header, you had to explicitly add another ALLOWED_HOSTS entry that included a trailing period. This entry could also be a subdomain wildcard:
    
    
    ALLOWED_HOSTS = [
        '.example.com',  # Allow domain and subdomains
        '.example.com.',  # Also allow FQDN and subdomains
    ]
    
    
    
    
    
    In Django 1.7, the trailing dot is stripped when performing host validation, thus an entry with a trailing dot isn’t required.
    
    If the Host header (or X-Forwarded-Host if USE_X_FORWARDED_HOST is enabled) does not match any value in this list, the django.http.HttpRequest.get_host() method will raise SuspiciousOperation.
    
    When DEBUG is True or when running tests, host validation is disabled; any host will be accepted. Thus it’s usually only necessary to set it in production.
    
    This validation only applies via get_host(); if your code accesses the Host header directly from request.META you are bypassing this security protection.
  • 相关阅读:
    MySQL学习笔记7——约束
    MySQL学习笔记8——多表查询
    剑指Offer-4.重建二叉树(C++/Java)
    MySQL学习笔记6——备份与恢复
    MySQL学习笔记5——编码
    剑指Offer-3.从尾到头打印链表(C++/Java)
    codeforce Gym 100500I Hall of Fame (水)
    codeforce Gym 100500F Door Lock (二分)
    code Gym 100500D T-shirts(暴力)
    codeforce Gym 100500C ICPC Giveaways(水)
  • 原文地址:https://www.cnblogs.com/drgcaosheng/p/4579927.html
Copyright © 2020-2023  润新知