Skip ALLOWED_HOSTS validation for /health/ endpoints

Health checks are often done directly against an IP address rather than using a full hostname. This is annoying to set up if the IP address can be one from a large range. The things that ALLOWED_HOSTS defend against don't really apply for health endpoints, so better not have the check. Fix #140
2026-03-10 08:01:17 +00:00 · 2025-07-08 17:36:01 +02:00
parent 9a6d453443
commit 4ca770da28
1 changed files with 6 additions and 1 deletions
--- a/bugsink/wsgi.py
+++ b/bugsink/wsgi.py
@@ -19,9 +19,10 @@ os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'bugsink_conf')

 class CustomWSGIRequest(WSGIRequest):
    """
-    Custom WSQIRequest subclass with 2 fixes:
+    Custom WSQIRequest subclass with 3 fixes/changes:

    * Chunked Transfer Encoding (Django's behavior is broken)
+    * Skip ALLOWED_HOSTS validation for /health/ endpoints (see #140)
    * Better error message for disallowed hosts

    Note: used in all servers (in gunicorn through wsgi.py; in Django's runserver through WSGI_APPLICATION)
@@ -56,6 +57,10 @@ class CustomWSGIRequest(WSGIRequest):
        try:
            return super().get_host()
        except DisallowedHost as e:
+            if self.path.startswith == "/health/":
+                # For /health/ endpoints, we skip the ALLOWED_HOSTS validation (see #140).
+                return self._get_raw_host()
+
            message = str(e)

            if "ALLOWED_HOSTS" in message: