Update security docs re HOST header and ALLOWED_HOSTS?

2022-05-12 Thread 'Michael Lissner' via Django developers (Contributions to Django itself)
There's a vague warning in the security docs that says:
> many common web servers [have] a configuration that seems to validate the Host header [that] may not in fact do so. For instance, even if Apache is conf

Re: Status of 4.1 pre-release.

2022-05-12 Thread Florian Apolloner
On Thursday, May 12, 2022 at 1:33:38 PM UTC+2 thinkwel...@gmail.com wrote: > > Next step would be someone to pick the preliminary work up and push it > forward. > > I guess I thought the "preliminary work" was already done. There's a > driver written, and a PR for a django backend. > I don't th

Re: Status of 4.1 pre-release.

2022-05-12 Thread thinkwel...@gmail.com
> Next step would be someone to pick the preliminary work up and push it forward.

I guess I thought the "preliminary work" was already done. There's a driver written, and a PR for a django backend. I'd asked [Daniel Varrazzo](https://github.com/dvarrazzo/django-psycopg3-backend/issues/6) if h

Re: Blocking disposable or temporary email addresses

2022-05-12 Thread 'Adam Johnson' via Django developers (Contributions to Django itself)
I would say this feature is a bit more questionable these days, since even big companies like Apple provide "disposable" email addresses for privacy protection. And I also agree this would be better in a separate package, where updating the list of domains would be easier and not tied to Django's