django ALLOWED_HOSTS无法正常工作 [英] django ALLOWED_HOSTS not working
本文介绍了django ALLOWED_HOSTS无法正常工作的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我的settings.py文件包含:
My settings.py file contains:
DEBUG = False
ALLOWED_HOSTS = [u'mydomainxxx.com']
但是,我可以发出如下所示的curl请求: curl -X GET https://mydomainxxx.com/api/ -H'Authorization:Token some token'
并获得响应。
Howevever, I'm able to fire a curl request like this: curl -X GET https://mydomainxxx.com/api/ -H 'Authorization: Token some token'
and am getting the response.
我希望使用 ALLOWED_HOSTS
可以防止curl等命令从我的API获取响应。
这是正常行为吗?
I was hoping that using ALLOWED_HOSTS
will prevent commands like curl to get response from my API.
Is this a normal behaviour ?
推荐答案
仅适用于希望过滤引荐来源网址而不是ip的任何人地址,我们可以使用以下中间件:
Just for anyone who would like to filter on referer url and not on ip address, we can use the following middleware:
from django.conf import settings
from django import http
class AllowHostsMiddleware(object):
def process_request(self, request):
referer_url = request.META.get('HTTP_REFERER','')
if referer_url.startswith(settings.ALLOWED_REFERER_URL):
return None
return http.HttpResponseForbidden('<h1>Forbidden</h1>')
这篇关于django ALLOWED_HOSTS无法正常工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文