Uploaded image for project: 'Hue'
  1. Hue
  2. HUE-5816

Changing default setting as "allowed_hosts=*"

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.11.0
    • Fix Version/s: 4.0.0
    • Component/s: core.security
    • Labels:
      None

      Description

      Currently we are getting support issues as HUE in following configuration generates "400 Bad Request" error.

      1. When HUE's django server started on IP:PORT
      e.g. hue runserver IP:PORT

      2. When HUE is hosted on AWS(with ec2 domain name) and clients are coming from different domain names

      In above cases if default HUE setting is "allowed_hosts=[".domainname"]" which can created DOS(denial of service) from HUE.

      When default setting is changed to allowed_hosts=["*"] above DOS can be prevented.

      Also with this user can still put "allowed_hosts" settings and HUE will reflect it.

        Attachments

          Activity

            People

            • Assignee:
              ranade Prakash
              Reporter:
              ranade Prakash
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: