Further tuning of the ALLOWED_HOSTS misconfig error-message

Fix #148
Klaas van Schelven
2025-07-15 20:43:13 +02:00
parent e56c1fe676
commit 673422cbb2
2 changed files with 17 additions and 7 deletions


@@ -384,24 +384,30 @@ class AllowedHostsMsgTestCase(DjangoTestCase):
def test_allowed_hosts_error_message(self):
self.maxDiff = None
# NOTE: cases for ALLOWED_HOSTS=[] are redundant because Django will refuse to start in that case.
# Note: cases for ALLOWED_HOSTS=[] are redundant because Django will refuse to start in that case.
# ALLOWED_HOST only contains non-production domains that we typically _do not_ want to suggest in the msg
self.assertEqual(
"'Host: foobar' as sent by browser/proxy not in ALLOWED_HOSTS=['localhost', '127.0.0.1']. "
"Add 'foobar' to ALLOWED_HOSTS or configure proxy to use 'Host: your.host.example'.",
allowed_hosts_error_message("foobar", ["localhost", "127.0.0.1"]))
# proxy misconfig: proxy speaks to "localhost"
self.assertEqual(
"'Host: localhost' as sent by browser/proxy not in ALLOWED_HOSTS=['testserver']. "
"Fix the proxy's Host-header config or add the desired host to ALLOWED_HOSTS.",
"Configure proxy to use 'Host: testserver' or add the desired host to ALLOWED_HOSTS.",
allowed_hosts_error_message("localhost", ["testserver"]))
# proxy misconfig: proxy speaks (local) IP
self.assertEqual(
"'Host: 127.0.0.1' as sent by browser/proxy not in ALLOWED_HOSTS=['testserver']. "
"Fix the proxy's Host-header config or add the desired host to ALLOWED_HOSTS.",
"Configure proxy to use 'Host: testserver' or add the desired host to ALLOWED_HOSTS.",
allowed_hosts_error_message("127.0.0.1", ["testserver"]))
# proxy misconfig: proxy speaks (remote) IP
self.assertEqual(
"'Host: 123.123.123.123' as sent by browser/proxy not in ALLOWED_HOSTS=['testserver']. "
"Fix the proxy's Host-header config or add the desired host to ALLOWED_HOSTS.",
"Configure proxy to use 'Host: testserver' or add the desired host to ALLOWED_HOSTS.",
allowed_hosts_error_message("123.123.123.123", ["testserver"]))
# plain old typo ALLOWED_HOSTS-side
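Review bot: None of the cases visible in this hunk pass an ALLOWED_HOSTS that mixes a local entry with a real one, or that holds a pattern entry such as `*` or `.example.com`, so the host-suggestion logic is not pinned for the inputs where it matters most. A constructed example that would cover it is `allowed_hosts_error_message("127.0.0.1", ["localhost", "bugs.example.org"])`, with the expected suggestion spelled out in full. The test method continues past the end of the hunk, so such a case may already exist further down.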


@@ -32,12 +32,16 @@ def allowed_hosts_error_message(domain, allowed_hosts):
# Start with the plain statement of fact: x not in y.
msg = "'Host: %s' as sent by browser/proxy not in ALLOWED_HOSTS=%s. " % (domain, allowed_hosts)
suggestable_allowed_hosts = [host for host in allowed_hosts if host not in ["localhost", ".localhost", "127.0.0.1"]]
if len(suggestable_allowed_hosts) == 0:
proxy_suggestion = "your.host.example"
else:
proxy_suggestion = " | ".join(suggestable_allowed_hosts)
if domain == "localhost" or is_ip_address(domain):
# in these cases Proxy misconfig is the more likely culprit. Point to that _first_ and (while still mentioning
# ALLOWED_HOSTS); don't mention the specific domain that was used as a likely "good value" for ALLLOWED_HOSTS.
return msg + "Fix the proxy's Host-header config or add the desired host to ALLOWED_HOSTS."
proxy_suggestion = allowed_hosts[0]
return msg + "Configure proxy to use 'Host: %s' or add the desired host to ALLOWED_HOSTS." % proxy_suggestion
# the domain looks "pretty good"; be verbose/explicit about the 2 possible changes in config.
return msg + "Add '%s' to ALLOWED_HOSTS or configure proxy to use 'Host: %s'." % (domain, proxy_suggestion)
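Review bot: The filter behind `suggestable_allowed_hosts` drops only `localhost`, `.localhost` and `127.0.0.1`, so entries Django also accepts in ALLOWED_HOSTS, such as `*`, a leading-dot `.example.com` or `[::1]`, can surface as `Configure proxy to use 'Host: *'`, which is not a value a proxy can send. Consider also skipping pattern entries, e.g. `if host not in [...] and host != "*" and not host.startswith(".")`. The page does not show which side `proxy_suggestion = allowed_hosts[0]` is on; if it is still in the new code it bypasses the filter in the localhost/IP branch and would raise IndexError on an empty list. `domain` is presumably the request's Host header, so wherever this message is rendered or logged (not visible here) it should be handled as untrusted text. The `def` line appears only in the hunk header.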