#36514: Improve ALLOWED_HOSTS error message: show both values
------------------------------------+--------------------------------------
Reporter: Klaas van Schelven | Owner: (none)
Type: New feature | Status: closed
Component: HTTP handling | Version: 5.2
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------------+--------------------------------------
Changes (by Natalia Bidart):
* component: Uncategorized => HTTP handling
* resolution: => wontfix
* status: new => closed
* type: Uncategorized => New feature
Comment:
Hello Klaas van Schelven, thank you for taking the time to create this
ticket and for the detailed write-up.
I appreciate the motivation to improve the clarity of this error message;
I have fought with that error myself. That said, I believe the proposed
change introduces security concerns with limited practical benefit. In
particular, echoing the full `ALLOWED_HOSTS` list in the error message
could unintentionally disclose internal configuration details. While it's
true that many `ALLOWED_HOSTS` entries are public, that's not guaranteed.
In real-world deployments, it's common to include internal hostnames, IP
addresses, or ephemeral domains that are not externally visible, for
example in environments where SSL termination and routing are handled
separately from the Django app itself. In such cases, `ALLOWED_HOSTS`
reflects internal routing constraints rather than externally resolvable
hostnames.
Given the above, I'll close this ticket as `wontfix`. If you disagree, and
considering this a new feature request for Django, the feature idea should
first be proposed and discussed with the community. To do that, please
raise this on the [https://github.com/django/new-features/issues new
feature tracker].
--
Ticket URL: <https://code.djangoproject.com/ticket/36514#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.