October 3, 2014
Posted by Eddie
Django, ALLOWED_HOSTS, Host header, Proxying, and more!
Django tries to avoid CSRF, and thus requires a HTTP Host header be sent. Host is optional in HTTP1.0, so it therefore basically requires HTTP1.1. That Host header has to conform with RFC 1034 or RFC 1035. A proxy sitting in front of Django will pretty much do whatever you tell it to do, so […]