13๐
But a website should be open to the whole internet
ALLOWED_HOSTS in Django settings does not mean who will be allowed to access your site. It simple means on which address your site will be accessible. for example www.google.com is the address of google site. That does not mean who will be allowed to access the site (Its already public).
To allow/disallow a particular user to access your site is usually done with firewall or with a proxy server like nginx.
what value should it be?
It simply mentions the list of address from where your site can be accessed. like ALLOWED_HOSTS = ['your_site.com', 'IP_ADDRESS_OF_YOUR_SITE'] for more information visit docs
And for why ['*'] being dangerous and why ALLOWED_HOST was added to django please refer to this post.
1๐
It should be set to your application domain. For example, if your domain is http://example.com then you need to set ALLOWED_HOSTS to:
ALLOWED_HOSTS = ['example.com']
- Django โ Filter a queryset by Max(date) year
- Stopping auto-rotation of images in Django-imagekit Thumbnail
- How to write separate views for GET and POST
- Using Django auth User model as a Foreignkey and reverse relations
- How to access user names and profiles with django-allauth