From f1911ab8c9aaa5a14e97ad2345b6ff94efa4f900 Mon Sep 17 00:00:00 2001 From: Arne Schauf Date: Wed, 30 Apr 2025 17:48:09 +0200 Subject: [PATCH] Fix ALLOWED_HOSTS entries in production settings Updated ALLOWED_HOSTS to remove the protocol prefix, ensuring compatibility with Django's host validation. This change prevents potential issues with host header mismatches in production environments. --- feo_homepage/settings/prod.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/feo_homepage/settings/prod.py b/feo_homepage/settings/prod.py index b16983b..1c4ad49 100644 --- a/feo_homepage/settings/prod.py +++ b/feo_homepage/settings/prod.py @@ -4,7 +4,7 @@ from .base import * DEBUG = False TEMPLATE_DEBUG = True -ALLOWED_HOSTS = ["https://www.feo.gmbh", "https://feo.gmbh"] +ALLOWED_HOSTS = ["www.feo.gmbh", "feo.gmbh"] USE_X_FORWARDED_HOST = True SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') CSRF_TRUSTED_ORIGINS = ["https://www.feo.gmbh", "https://feo.gmbh"]