From: brian avery
To: toaster@yoctoproject.org
Cc: brian avery
Date: Tue, 1 Nov 2016 17:03:55 -0700
Subject: [PATCH 0/1] toaster: add * to ALLOWED_HOSTS setting

As of Django 1.8.16, Django is rejecting any HTTP_HOST header that is not on the ALLOWED_HOST list. We often need to reference the toaster server via a FQDN, if we start it via webport=0.0.0.0:8000 for instance, and are hitting the server from a laptop. This change does reduce the protection from a DNS rebinding attack; however, if you are running the toaster server outside a protected network, you need to be using the production instance.
In particular, this prevents the toaster container tests from running as well as the containers from working as is in the Windows Docker Toolbox case.

-brian

The following changes since commit c3d2df883a9d6d5036277114339673656d89a728:

  oeqa/selftest/kernel.py: Add new file destined for kernel related tests (2016-11-01 10:05:46 +0000)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib bavery/toaster/fixALLOWED_HOSTexclusion
  http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=bavery/toaster/fixALLOWED_HOSTexclusion

brian avery (1):
  toaster: settings.py , add * to ALLOWED_HOSTS

 lib/toaster/toastermain/settings.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

-- 
1.9.1
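
Added example, not part of the original message or of the Toaster code: a simplified Python model of the Host-header check the cover letter describes, comparing the "*" entry with an explicit host list. The hostnames, the explicit list and the helper names are constructed for illustration, and the matching rules are a simplified approximation of Django's, not its implementation.

```python
# Added illustration: a simplified model of Django's Host-header matching
# (exact name, leading-dot subdomain pattern, "*" match-all). Not Django's code.

def host_without_port(host_header):
    """Lower-case the Host header value and drop any :port suffix."""
    host = host_header.strip().lower()
    if host.startswith("["):                 # bracketed IPv6 literal such as [::1]:8000
        end = host.find("]")
        return host[: end + 1] if end != -1 else ""
    if host.count(":") == 1:                 # name:port or IPv4:port
        host = host.split(":", 1)[0]
    return host[:-1] if host.endswith(".") else host


def host_allowed(host_header, allowed_hosts):
    """Return True if the Host header matches one of the allowed patterns."""
    host = host_without_port(host_header)
    if not host:
        return False
    for pattern in (p.lower() for p in allowed_hosts):
        if pattern == "*":                   # match-all: every Host value passes
            return True
        if pattern.startswith("."):          # ".example.test" covers the domain and subdomains
            if host == pattern[1:] or host.endswith(pattern):
                return True
        elif host == pattern:
            return True
    return False


# Constructed settings: the wildcard from this patch beside an explicit list.
WILDCARD_HOSTS = ["*"]
EXPLICIT_HOSTS = ["localhost", "127.0.0.1", "[::1]", "toaster.example.test"]

# Constructed Host headers: the last is a name the operator never configured,
# which is what a DNS-rebound page makes the browser send.
SAMPLE_HEADERS = ["localhost:8000", "toaster.example.test:8000",
                  "[::1]:8000", "unconfigured.example.net:8000"]


def compare(headers=SAMPLE_HEADERS):
    """Map each header to (accepted with wildcard, accepted with explicit list)."""
    return {h: (host_allowed(h, WILDCARD_HOSTS), host_allowed(h, EXPLICIT_HOSTS))
            for h in headers}


if __name__ == "__main__":
    for header, (wild, explicit) in compare().items():
        print(f"{header:32} wildcard={wild!s:5} explicit={explicit}")
```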