Merge pull request #173 from taoufik07/patch-14

Trusted hosts docs
2018-10-29 19:04:19 -04:00
committed by GitHub
+19
@@ -240,3 +240,22 @@ In order to set custom parameters, you need to set the ``cors_params`` argument
* ``allow_credentials`` - Indicate that cookies should be supported for cross-origin requests. Defaults to ``False``.
* ``expose_headers`` - Indicate any response headers that should be made accessible to the browser. Defaults to ``[]``.
* ``max_age`` - Sets a maximum time in seconds for browsers to cache CORS responses. Defaults to ``60``.
Trusted Hosts
-------------
Make sure that all the incoming requests headers have a valid ``host``, that matches one of the provided patterns in the ``allowed_host`` attribute, in order to prevent HTTP Host Header attacks.
A 400 response will be raised, if a request does not match any of the provided patterns in the ``allowed_host`` attribute.
::
api = responder.API(allowed_hosts=[example.com, tenant.example.com])
* ``allowed_hosts`` - A list of allowed hostnames.
Note:
* By default, all hostnames are allowed.
* Wildcard domains such as ``*.example.com`` are supported.
* To allow any hostname use ``allowed_hosts=["*"]``.
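Review bot: The example line `api = responder.API(allowed_hosts=[example.com, tenant.example.com])` passes bare names instead of strings, so it raises a NameError when copied; quote the hostnames as `allowed_hosts=["example.com", "tenant.example.com"]`, matching the `["*"]` form used in the last note. The two prose sentences above the example also call the argument ``allowed_host``, while the code and the bullet use ``allowed_hosts``; use the plural throughout so readers do not pass a keyword that does not exist. Because the notes say all hostnames are allowed by default, consider stating up front that the Host check only takes effect once `allowed_hosts` is set.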