summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbrian avery <avery.brian@gmail.com>2016-11-23 18:55:20 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-11-28 14:23:48 (GMT)
commitae9b341ecfcc60e970f29cfe04306411ad26c0cf (patch)
treeada9407cc05c075e2ee30931b4fe420ea868d702
parent3bf928a3b6354bc09c87fcbf9e3972c8d368aaa3 (diff)
downloadpoky-ae9b341ecfcc60e970f29cfe04306411ad26c0cf.tar.gz
bitbake: bitbake: toaster: settings set ALLOWED_HOSTS to * in debug mode
This is a backport of 7c3a47ed8965c3a3eb90a9a4678d5caedbba6337 >From the commit to master: As of Django 1.8.16, Django is rejecting any HTTP_HOST header that is not on the ALLOWED_HOST list. We often need to reference the toaster server via a fqdn, if we start it via webport=0.0.0.0:8000 for instance, and are hitting the server from a laptop. This change does reduce the protection from a DNS rebinding attack, however, if you are running the toaster server outside a protected network, you should be using the production instance. [YOCTO #10586] (Bitbake rev: 449dc9b955dfbe048e380f5ab9fd61c3d1489dad) Signed-off-by: brian avery <brian.avery@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--bitbake/lib/toaster/toastermain/settings.py16
1 files changed, 13 insertions, 3 deletions
diff --git a/bitbake/lib/toaster/toastermain/settings.py b/bitbake/lib/toaster/toastermain/settings.py
index 74ab604..6572acc 100644
--- a/bitbake/lib/toaster/toastermain/settings.py
+++ b/bitbake/lib/toaster/toastermain/settings.py
@@ -107,9 +107,19 @@ def getDATABASE_URL():
107 107
108 108
109 109
110# Hosts/domain names that are valid for this site; required if DEBUG is False 110# Update as of django 1.8.16 release, the '*' is needed to allow us to connect while running
111# See https://docs.djangoproject.com/en/1.5/ref/settings/#allowed-hosts 111# on hosts without explicitly setting the fqdn for the toaster server.
112ALLOWED_HOSTS = [] 112# See https://docs.djangoproject.com/en/dev/ref/settings/ for info on ALLOWED_HOSTS
113# Previously this setting was not enforced if DEBUG was set but it is now.
114# The previous behavior was such that ALLOWED_HOSTS defaulted to ['localhost','127.0.0.1','::1']
115# and if you bound to 0.0.0.0:<port #> then accessing toaster as localhost or fqdn would both work.
116# To have that same behavior, with a fqdn explicitly enabled you would set
117# ALLOWED_HOSTS= ['localhost','127.0.0.1','::1','myserver.mycompany.com'] for
118# Django >= 1.8.16. By default, we are not enforcing this restriction in
119# DEBUG mode.
120if DEBUG is True:
121 # this will allow connection via localhost,hostname, or fqdn
122 ALLOWED_HOSTS = ['*']
113 123
114# Local time zone for this installation. Choices can be found here: 124# Local time zone for this installation. Choices can be found here:
115# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name 125# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name