Fixed #31010 -- Allowed subdomains of localhost in the Host header by default when DEBUG=True.

author: Gordon Pendleton <wgordonw1@gmail.com> 2019-11-23 21:17:31 -0500
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2019-12-05 09:44:45 +0100
commit: adb96617897690b3a01e39e8297ae7d67825d2bc (patch)
tree: 06f5846cb8cd688ab4ecab95e2b7d2884a0f23c4 /django/http/request.py
parent: 3930ec1bf275d17f1c36cd38b38114177b1d1565 (diff)
download: django-adb96617897690b3a01e39e8297ae7d67825d2bc.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/django/http/request.py b/django/http/request.py
index 933af0f13e..5c567b9c46 100644
--- a/django/http/request.py
+++ b/django/http/request.py
@@ -108,7 +108,7 @@ class HttpRequest:
         # Allow variants of localhost if ALLOWED_HOSTS is empty and DEBUG=True.
         allowed_hosts = settings.ALLOWED_HOSTS
         if settings.DEBUG and not allowed_hosts:
-            allowed_hosts = ['localhost', '127.0.0.1', '[::1]']
+            allowed_hosts = ['.localhost', '127.0.0.1', '[::1]']
 
         domain, port = split_domain_port(host)
         if domain and validate_host(domain, allowed_hosts):
author	Gordon Pendleton <wgordonw1@gmail.com>	2019-11-23 21:17:31 -0500
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2019-12-05 09:44:45 +0100
commit	adb96617897690b3a01e39e8297ae7d67825d2bc (patch)
tree	06f5846cb8cd688ab4ecab95e2b7d2884a0f23c4 /django/http/request.py
parent	3930ec1bf275d17f1c36cd38b38114177b1d1565 (diff)
download	django-adb96617897690b3a01e39e8297ae7d67825d2bc.tar.gz