From e490e85945ad82ca2bf82dd8d72e52f0e71ca593 Mon Sep 17 00:00:00 2001
From: Sergei Maertens
Date: Thu, 14 Dec 2023 14:22:07 +0100
Subject: [PATCH 1/2] :wrench: Add config option for USE_X_FORWARDED_HOST
---
 src/objects/conf/base.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/objects/conf/base.py b/src/objects/conf/base.py
index fce6fdcd..d77e8afb 100644
--- a/src/objects/conf/base.py
+++ b/src/objects/conf/base.py
@@ -33,6 +33,7 @@ IS_HTTPS = config("IS_HTTPS", not DEBUG)
 ALLOWED_HOSTS = config("ALLOWED_HOSTS", default="", split=True)
+USE_X_FORWARDED_HOST = config("USE_X_FORWARDED_HOST", default=False)
 DATABASES = {
 "default": {
From 525c6613ee42055696146362d1a197883b10cbda Mon Sep 17 00:00:00 2001
From: Anna Shamray
Date: Fri, 1 Mar 2024 15:34:21 +0100
Subject: [PATCH 2/2] :memo: document USE_X_FORWARDED_HOST
---
 docs/installation/config.rst | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/docs/installation/config.rst b/docs/installation/config.rst
index ae1d0d80..211826a9 100644
--- a/docs/installation/config.rst
+++ b/docs/installation/config.rst
@@ -90,6 +90,11 @@ Other settings
 * ``TWO_FACTOR_PATCH_ADMIN``: Whether to use the 2 Factor Authentication login flow for the admin or not. Default ``True``. You'll probably want to disable this when using OIDC.
+* ``USE_X_FORWARDED_HOST``: whether to grab the domain/host from the ``X-Forwarded-Host``
+ header or not. This header is typically set by reverse proxies (such as nginx,
+ traefik, Apache...). Default ``False`` - this is a header that can be spoofed and you
+ need to ensure you control it before enabling this.
+
 Initial superuser creation
 --------------------------
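Review bot: The new `USE_X_FORWARDED_HOST` line in `src/objects/conf/base.py` carries no comment about its trust assumption, so someone reading only the settings file sees a plain boolean toggle. With it enabled Django takes the request host from `X-Forwarded-Host` in preference to `Host`, and that value feeds absolute URL building, so it is only safe when the fronting proxy overwrites or strips the client-supplied header; the result is still checked against `ALLOWED_HOSTS`, which makes a wildcard entry there the risky pairing. I would add above the line `# Only enable behind a reverse proxy that overwrites X-Forwarded-Host; the value is still checked against ALLOWED_HOSTS.` The project's `config` helper is not visible in this hunk, so it is worth confirming that an environment value such as the string `False` is parsed as a boolean rather than treated as a truthy string.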