Features: 1) Enhance host validation in middleware to allow wildcard "*" in ALLOWED_HOSTS;
Fixes: 1) Correct .gitignore entries for static files to improve exclusion logic; Extra: 1) Minor refactor in middleware for readability;
parent
4a9c147149
commit
190fb479be
2 changed files with 7 additions and 6 deletions
10
.gitignore
vendored
10
.gitignore
vendored
|
|
@ -79,11 +79,11 @@ db_backups
|
||||||
services_data
|
services_data
|
||||||
services_data/postgres/*
|
services_data/postgres/*
|
||||||
services_data/redis/*
|
services_data/redis/*
|
||||||
./static
|
static
|
||||||
!core/static/*
|
!core/static
|
||||||
!geo/static/*
|
!geo/static
|
||||||
!payments/static/*
|
!payments/static
|
||||||
!vibes_auth/static/*
|
!vibes_auth/static
|
||||||
media
|
media
|
||||||
debug.log
|
debug.log
|
||||||
errors.log
|
errors.log
|
||||||
|
|
|
||||||
|
|
@ -73,7 +73,8 @@ class BlockInvalidHostMiddleware:
|
||||||
self.get_response = get_response
|
self.get_response = get_response
|
||||||
|
|
||||||
def __call__(self, request):
|
def __call__(self, request):
|
||||||
if request.META.get("HTTP_HOST") not in getenv("ALLOWED_HOSTS").split(" "):
|
allowed_hosts = getenv("ALLOWED_HOSTS").split(" ")
|
||||||
|
if request.META.get("HTTP_HOST") not in allowed_hosts and "*" not in allowed_hosts:
|
||||||
return HttpResponseForbidden("Invalid Host Header")
|
return HttpResponseForbidden("Invalid Host Header")
|
||||||
return self.get_response(request)
|
return self.get_response(request)
|
||||||
|
|
||||||
|
|
|
||||||
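Review bot: The new `"*" not in allowed_hosts` clause in `__call__` turns the host check off entirely whenever `ALLOWED_HOSTS` contains `*`, and nothing visible in this hunk restricts that to a development setting or logs that validation is disabled. With the wildcard set, any Host header reaches the application, which matters wherever absolute URLs are built from it, so I would gate it, e.g. `if "*" in allowed_hosts and not settings.DEBUG: raise ImproperlyConfigured(...)` at start-up (assuming a Django settings module is available here). Separately, if `getenv` is `os.getenv` it returns `None` when the variable is unset, so `.split(" ")` raises on every request; `allowed_hosts = getenv("ALLOWED_HOSTS", "").split()` would fail closed with the 403 instead. The comparison also uses the raw `HTTP_HOST` value, which can carry a port or different letter case than the configured entry, so `request.get_host()` or a normalised comparison may be worth considering. The class body begins outside the hunk, so an earlier guard may already cover some of this.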