Thanks for the quick response, Mark. That's awesome. Sorry I missed it in the changelog.

Cheers,
Cliff

On Thursday, February 13, 2014 12:35:16 PM UTC-5, Mark Lavin wrote:
> This was already changed in https://code.djangoproject.com/ticket/19866 which
> is part of 1.6. It's noted under the minor features
> https://docs.djangoproject.com/en/1.6/releases/1.6/#minor-features
>
> SuspiciousOperation has been differentiated into a number of subclasses,
> and each will log to a matching named logger under the django.security
> logging hierarchy. Along with this change, a handler400 mechanism and
> default view are used whenever a SuspiciousOperation reaches the WSGI
> handler to return an HttpResponseBadRequest.
>
> Best,
>
> Mark
>
> On Thursday, February 13, 2014 12:27:37 PM UTC-5, J. Cliff Dyer wrote:
>> Django devs,
>>
>> I've noticed that the new ALLOWED_HOSTS causes the site
>> to return HTTP-500 errors whenever a user submits a request with an
>> HTTP_HOST header that is not allowed. This is flooding my developers'
>> inboxes with spurious error messages. The site is refusing the
>> requests as expected, but it is doing so with a *server* error, when in
>> fact the error is a problem with what the *clients* are doing. I'd
>> like to start a discussion here before I create a bug report, but I
>> believe this should instead be returning a 403 Forbidden response
>> (based on my reading of http://httpstatus.es/403), or at least
>> something in the 4xx (Client Error) range. This might be appropriate
>> for other SuspiciousOperation exceptions as well, though it's probably
>> worth discussing just how they are each handled.
>>
>> In short, I think 500 makes it look like there's something wrong
>> with the server, when in fact the response is being blocked because the
>> server is doing the right thing. If there's some consensus that this
>> would be a helpful enhancement, I'll write up a bug report and see if I
>> can create a patch to accompany it. Otherwise, I'll try to fix it for
>> my own use in a custom middleware.
>>
>> Cheers,
>> Cliff
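The per-subclass loggers mentioned in the quoted release note make it possible to route rejected Host headers away from the admin mailbox while still retaining them for review. The following is an added example, not part of the thread and not Django's own code: it uses only the standard library, `ListHandler`, the sink names and the sample events are constructed stand-ins, and it assumes the events are logged at ERROR level.

```python
import logging
import logging.config

class ListHandler(logging.Handler):
    """Constructed stand-in for a real handler (admin e-mail, file): keeps records in memory."""
    sinks = {}

    def __init__(self, sink):
        super().__init__()
        self.sink = sink
        ListHandler.sinks[sink] = []

    def emit(self, record):
        ListHandler.sinks[self.sink].append((record.name, record.getMessage()))

# Same shape as a Django LOGGING setting; the handler classes are stand-ins.
LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "handlers": {
        "mail_admins": {"()": ListHandler, "sink": "mail", "level": "ERROR"},
        "security_file": {"()": ListHandler, "sink": "file", "level": "ERROR"},
    },
    "loggers": {
        # Every SuspiciousOperation subclass without its own entry lands here.
        "django.security": {"handlers": ["mail_admins"], "level": "ERROR", "propagate": False},
        # Bad Host headers: keep for review, but do not propagate to the mail handler.
        "django.security.DisallowedHost": {"handlers": ["security_file"], "propagate": False},
    },
}

# Constructed events: (exception class name, message).
SAMPLE_EVENTS = [
    ("DisallowedHost", "constructed: Host header 'scanner.invalid' not in ALLOWED_HOSTS"),
    ("SuspiciousFileOperation", "constructed: path resolves outside the storage root"),
    ("DisallowedHost", "constructed: Host header '203.0.113.7' not in ALLOWED_HOSTS"),
]

def simulate(events):
    """Configure logging, emit each event on its matching named logger, return the sinks."""
    logging.config.dictConfig(LOGGING)
    for exc_name, message in events:
        logging.getLogger("django.security.%s" % exc_name).error(message)
    return {name: list(records) for name, records in ListHandler.sinks.items()}

if __name__ == "__main__":
    for sink, records in simulate(SAMPLE_EVENTS).items():
        print(sink, records)
```

Keeping a handler on `django.security.DisallowedHost` rather than discarding the records preserves the ability to spot a sustained run of forged Host headers.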
