The snippet Matt posted is the same technique I've used for ages, albeit using the ec2-metadata <https://github.com/adamchainz/ec2-metadata> library. I think it's perfectly fine as-is, the Host header EC2 uses is actually predictable as the EC2 Private IP. I don't think Django needs another setting that disables a security feature and could be open to misconfiguration.
On Fri, 14 Sep 2018 at 20:29, Mattia Procopio <[email protected]> wrote: > What I usually do is rewriting the Host value at webserver level using one > of the allowed when receiving healthchecks from a load balancer. This is > not optimal and having a whitelist for some uris to allow requests without > a valid host could make this specific thing easier > > -- > You received this message because you are subscribed to the Google Groups > "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/django-developers. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/e51aa4d8-d263-4448-ab3c-d0717035fbcb%40googlegroups.com > . > For more options, visit https://groups.google.com/d/optout. > -- Adam -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAMyDDM0_uL%2B7APa%3DwgvU_GZaqO8fXDJOWAFKf0jGGB1pMVs2kg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
