Features: 1) Enhance host validation in middleware to allow wildcard "*" in ALLOWED_HOSTS;

Fixes: 1) Correct .gitignore entries for static files to improve exclusion logic; Extra: 1) Minor refactor in middleware for readability;
2025-05-14 03:38:39 +03:00 · 2025-05-14 03:38:39 +03:00 · 190fb479be
commit 190fb479be
parent 4a9c147149
2 changed files with 7 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -79,11 +79,11 @@ db_backups
 services_data
 services_data/postgres/*
 services_data/redis/*
-./static
-!core/static/*
-!geo/static/*
-!payments/static/*
-!vibes_auth/static/*
+static
+!core/static
+!geo/static
+!payments/static
+!vibes_auth/static
 media
 debug.log
 errors.log
--- a/evibes/middleware.py
+++ b/evibes/middleware.py
@ -73,7 +73,8 @@ class BlockInvalidHostMiddleware:
        self.get_response = get_response

    def __call__(self, request):
-        if request.META.get("HTTP_HOST") not in getenv("ALLOWED_HOSTS").split(" "):
+        allowed_hosts = getenv("ALLOWED_HOSTS").split(" ")
+        if request.META.get("HTTP_HOST") not in allowed_hosts and "*" not in allowed_hosts:
            return HttpResponseForbidden("Invalid Host Header")
        return self.get_response(request)