Message ID | 20170207214716.30310-1-stephen@that.guru |
---|---|
State | Accepted |
Headers | show |
Hi Stephen, Are you connecting using the IP address of the container/VM itself, or are you using the port bound to localhost? Without this patch, I can access localhost:8000 fine when I run "docker-compose up". It's only when I try to connect directly to the container using the container's IP address (In my case 172.17.0.3:8000) that I get a DisallowedHost error. I'm guessing the same thing occurs with Vagrant - if memory serves you'd usually connect to the port bound to localhost - which should work. But, if you connect to the VM directly it won't work. I'm not opposed to the patch, I'm just curious as to why you'd ever connect using the IP address. Regards, Daniel Stephen Finucane <stephen@that.guru> writes: > Django 1.10.3, 1.9.11 and 1.8.16 changed default behavior for > ALLOWED_HOSTS to prevent DNS rebinding attacks [1]. Unfortunately this > also means we can't access the development Docker or Vagrant installs > by IP address. Sidestep the issue by wildcarding the 'ALLOWED_HOSTS' > setting for development, thus allowing connections from any IP. > > [1] https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts > > Signed-off-by: Stephen Finucane <stephen@that.guru> > Cc: Daniel Axtens <dja@axtens.net> > --- > patchwork/settings/dev.py | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/patchwork/settings/dev.py b/patchwork/settings/dev.py > index a084d6a..ee5b203 100644 > --- a/patchwork/settings/dev.py > +++ b/patchwork/settings/dev.py > @@ -18,6 +18,9 @@ from .base import * # noqa > # https://docs.djangoproject.com/en/1.8/ref/settings/#core-settings > # > > + > +ALLOWED_HOSTS = ['*'] > + > SECRET_KEY = '00000000000000000000000000000000000000000000000000' # noqa > > DEBUG = True > -- > 2.9.3
On Tue, 2017-02-14 at 08:21 +1100, Daniel Axtens wrote: > Hi Stephen, > > Are you connecting using the IP address of the container/VM itself, > or > are you using the port bound to localhost? The former. This is necessary if I want to connect to Patchwork from another container or VM, where 'localhost' refers to something other than the host. In my case, I want to talk to Patchwork from a Jenkins container [1]. For development approaches, this seems easier than asking someone to find their docker container IP address and set the option manually. > Without this patch, I can access localhost:8000 fine when I run > "docker-compose up". It's only when I try to connect directly to the > container using the container's IP address (In my case > 172.17.0.3:8000) > that I get a DisallowedHost error. Yup, same thing here. > I'm guessing the same thing occurs with Vagrant - if memory serves > you'd > usually connect to the port bound to localhost - which should work. I haven't tested this (nor used the Vagrant image in a while - I really need to bump that to Xenial) but I'd imagine so, yes. > But, > if you connect to the VM directly it won't work. > > I'm not opposed to the patch, I'm just curious as to why you'd ever > connect using the IP address. Cheers, Stephen [1] https://that.guru/blog/patchwork-and-ci-in-a-tree/
Stephen Finucane <stephen@that.guru> writes: > On Tue, 2017-02-14 at 08:21 +1100, Daniel Axtens wrote: >> Hi Stephen, >> >> Are you connecting using the IP address of the container/VM itself, >> or >> are you using the port bound to localhost? > > The former. This is necessary if I want to connect to Patchwork from > another container or VM, where 'localhost' refers to something other > than the host. In my case, I want to talk to Patchwork from a Jenkins > container [1]. For development approaches, this seems easier than > asking someone to find their docker container IP address and set the > option manually. Fair enough. Reviewed-by: Daniel Axtens <dja@axtens.net> Regards, Daniel
diff --git a/patchwork/settings/dev.py b/patchwork/settings/dev.py index a084d6a..ee5b203 100644 --- a/patchwork/settings/dev.py +++ b/patchwork/settings/dev.py @@ -18,6 +18,9 @@ from .base import * # noqa # https://docs.djangoproject.com/en/1.8/ref/settings/#core-settings # + +ALLOWED_HOSTS = ['*'] + SECRET_KEY = '00000000000000000000000000000000000000000000000000' # noqa DEBUG = True
Django 1.10.3, 1.9.11 and 1.8.16 changed default behavior for ALLOWED_HOSTS to prevent DNS rebinding attacks [1]. Unfortunately this also means we can't access the development Docker or Vagrant installs by IP address. Sidestep the issue by wildcarding the 'ALLOWED_HOSTS' setting for development, thus allowing connections from any IP. [1] https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts Signed-off-by: Stephen Finucane <stephen@that.guru> Cc: Daniel Axtens <dja@axtens.net> --- patchwork/settings/dev.py | 3 +++ 1 file changed, 3 insertions(+)