django ALLOWED_HOSTS无法正常工作 [英] django ALLOWED_HOSTS not working

问题描述

我的settings.py文件包含：

My settings.py file contains:

DEBUG = False
ALLOWED_HOSTS = [u'mydomainxxx.com']

但是，我可以发出如下所示的curl请求： curl -X GET https://mydomainxxx.com/api/ -H'Authorization：Token some token'并获得响应。

Howevever, I'm able to fire a curl request like this: curl -X GET https://mydomainxxx.com/api/ -H 'Authorization: Token some token' and am getting the response.

我希望使用 ALLOWED_HOSTS 可以防止curl等命令从我的API获取响应。
这是正常行为吗？

I was hoping that using ALLOWED_HOSTS will prevent commands like curl to get response from my API. Is this a normal behaviour ?

推荐答案

仅适用于希望过滤引荐来源网址而不是ip的任何人地址，我们可以使用以下中间件：

Just for anyone who would like to filter on referer url and not on ip address, we can use the following middleware:

from django.conf import settings
from django import http

class AllowHostsMiddleware(object):

    def process_request(self, request):
        referer_url = request.META.get('HTTP_REFERER','')
        if referer_url.startswith(settings.ALLOWED_REFERER_URL):
            return None
        return http.HttpResponseForbidden('<h1>Forbidden</h1>')

这篇关于django ALLOWED_HOSTS无法正常工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！