diff options
author | brian avery <brian.avery@intel.com> | 2016-11-04 12:27:06 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-11-16 11:38:51 +0000 |
commit | 73454473d7c286c41ee697f74052fed03c79f9f5 (patch) | |
tree | 8a761b77b018dc4b9dc220c84a2038010484a495 /meta/COPYING.GPLv2 | |
parent | ee6fb7521b0182ba8981eee72e1e295a099f3a48 (diff) | |
download | poky-73454473d7c286c41ee697f74052fed03c79f9f5.tar.gz |
bitbake: toaster: settings set ALLOWED_HOSTS to * in debug mode
As of Django 1.8.16, Django is rejecting any HTTP_HOST header that is
not on the ALLOWED_HOST list. We often need to reference the
toaster server via a fqdn, if we start it via webport=0.0.0.0:8000 for
instance, and are hitting the server from a laptop. This change does
reduce the protection from a DNS rebinding attack, however, if you are
running the toaster server outside a protected network, you should be
using the production instance.
[YOCTO #10578]
(Bitbake rev: 59a3f391ac5ac194f30d11a39676356464269d55)
Signed-off-by: brian avery <brian.avery@intel.com>
Signed-off-by: Michael Wood <michael.g.wood@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/COPYING.GPLv2')
0 files changed, 0 insertions, 0 deletions