🔧 Add config option for USE_X_FORWARDED_HOST

docs/installation/config.rst

@@ -90,6 +90,11 @@ Other settings
 * ``TWO_FACTOR_PATCH_ADMIN``: Whether to use the 2 Factor Authentication login flow for
   the admin or not. Default ``True``. You'll probably want to disable this when using OIDC.
 
+* ``USE_X_FORWARDED_HOST``: whether to grab the domain/host from the ``X-Forwarded-Host``
+  header or not. This header is typically set by reverse proxies (such as nginx,
+  traefik, Apache...). Default ``False`` - this is a header that can be spoofed and you
+  need to ensure you control it before enabling this.
+
 Initial superuser creation
 --------------------------
 

src/objects/conf/base.py

@@ -33,6 +33,7 @@
 
 IS_HTTPS = config("IS_HTTPS", not DEBUG)
 ALLOWED_HOSTS = config("ALLOWED_HOSTS", default="", split=True)
+USE_X_FORWARDED_HOST = config("USE_X_FORWARDED_HOST", default=False)
 
 DATABASES = {
     "default": {