From: brian avery <avery.brian@gmail.com>
To: bitbake-devel@lists.openembedded.org
Cc: brian avery <brian.avery@intel.com>
Subject: [PATCH 0/1] [krogoth] toaster: settings.py , add * to ALLOWED_HOSTS
Date: Wed, 23 Nov 2016 10:55:14 -0800 [thread overview]
Message-ID: <cover.1479764304.git.brian.avery@intel.com> (raw)
This backports 7c3a47ed8965c3a3eb90a9a4678d5caedbba6337 to krogoth so that
toaster can work with Django (1.8.16).
From the patch to master's message:
As of Django 1.8.16, django is rejecting any HTTP_HOST header that is
not on the ALLOWED_HOST list. We often need to reference the
toaster server via a fqdn, if we start it via webport=0.0.0.0:8000 for
instance, and are hitting the server from a laptop. This change does
reduce the protection from a DNS rebinding attack, however, if you are
running the toaster server outside a protected network, you need to be
using the production instance.
Fixes [YOCTO #10586 ].
The following changes since commit 3bf928a3b6354bc09c87fcbf9e3972c8d368aaa3:
dev-manual: Fixed typo for "${INC_PR}.0" (2016-11-16 10:38:24 +0000)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib bavery/toaster/krogoth-HOSTFIX
http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=bavery/toaster/krogoth-HOSTFIX
brian avery (1):
bitbake: toaster: settings set ALLOWED_HOSTS to * in debug mode
lib/toaster/toastermain/settings.py | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
--
1.9.1
WARNING: multiple messages have this Message-ID (diff)
From: brian avery <avery.brian@gmail.com>
To: toaster@yoctoproject.org
Cc: brian avery <brian.avery@intel.com>
Subject: [PATCH 0/1] [krogoth] toaster: settings.py , add * to ALLOWED_HOSTS
Date: Mon, 21 Nov 2016 13:41:45 -0800 [thread overview]
Message-ID: <cover.1479764304.git.brian.avery@intel.com> (raw)
This backports 7c3a47ed8965c3a3eb90a9a4678d5caedbba6337 to krogoth so that
toaster can work with Django (1.8.16).
From the patch to master's message:
As of Django 1.8.16, django is rejecting any HTTP_HOST header that is
not on the ALLOWED_HOST list. We often need to reference the
toaster server via a fqdn, if we start it via webport=0.0.0.0:8000 for
instance, and are hitting the server from a laptop. This change does
reduce the protection from a DNS rebinding attack, however, if you are
running the toaster server outside a protected network, you need to be
using the production instance.
Fixes [YOCTO #10586 ].
The following changes since commit 3bf928a3b6354bc09c87fcbf9e3972c8d368aaa3:
dev-manual: Fixed typo for "${INC_PR}.0" (2016-11-16 10:38:24 +0000)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib bavery/toaster/krogoth-HOSTFIX
http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=bavery/toaster/krogoth-HOSTFIX
brian avery (1):
bitbake: toaster: settings set ALLOWED_HOSTS to * in debug mode
lib/toaster/toastermain/settings.py | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
--
1.9.1
next reply other threads:[~2016-11-23 18:51 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-21 21:41 brian avery [this message]
2016-11-23 18:55 ` [PATCH 0/1] [krogoth] toaster: settings.py , add * to ALLOWED_HOSTS brian avery
2016-11-21 21:41 ` [PATCH 1/1] bitbake: toaster: settings set ALLOWED_HOSTS to * in debug mode brian avery
2016-11-23 18:55 ` brian avery
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1479764304.git.brian.avery@intel.com \
--to=avery.brian@gmail.com \
--cc=bitbake-devel@lists.openembedded.org \
--cc=brian.avery@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.