From 673422cbb2f0abc9837b2ad1cddb75f3a197a607 Mon Sep 17 00:00:00 2001
From: Klaas van Schelven
Date: Tue, 15 Jul 2025 20:43:13 +0200
Subject: [PATCH] Further tuning of the ALLOWED_HOSTS misconfig error-message Fix #148
---
 bugsink/tests.py | 14 ++++++++++----
 bugsink/wsgi.py | 10 +++++++---
 2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/bugsink/tests.py b/bugsink/tests.py
index d478ee6..7dbcb02 100644
--- a/bugsink/tests.py
@@ -384,24 +384,30 @@ class AllowedHostsMsgTestCase(DjangoTestCase):
 def test_allowed_hosts_error_message(self):
 self.maxDiff = None
- # NOTE: cases for ALLOWED_HOSTS=[] are redundant because Django will refuse to start in that case.
+ # Note: cases for ALLOWED_HOSTS=[] are redundant because Django will refuse to start in that case.
+
+ # ALLOWED_HOST only contains non-production domains that we typically _do not_ want to suggest in the msg
+ self.assertEqual(
+ "'Host: foobar' as sent by browser/proxy not in ALLOWED_HOSTS=['localhost', '127.0.0.1']. "
+ "Add 'foobar' to ALLOWED_HOSTS or configure proxy to use 'Host: your.host.example'.",
+ allowed_hosts_error_message("foobar", ["localhost", "127.0.0.1"]))
 # proxy misconfig: proxy speaks to "localhost"
 self.assertEqual(
 "'Host: localhost' as sent by browser/proxy not in ALLOWED_HOSTS=['testserver']. "
- "Fix the proxy's Host-header config or add the desired host to ALLOWED_HOSTS.",
+ "Configure proxy to use 'Host: testserver' or add the desired host to ALLOWED_HOSTS.",
 allowed_hosts_error_message("localhost", ["testserver"]))
 # proxy misconfig: proxy speaks (local) IP
 self.assertEqual(
 "'Host: 127.0.0.1' as sent by browser/proxy not in ALLOWED_HOSTS=['testserver']. "
- "Fix the proxy's Host-header config or add the desired host to ALLOWED_HOSTS.",
+ "Configure proxy to use 'Host: testserver' or add the desired host to ALLOWED_HOSTS.",
 allowed_hosts_error_message("127.0.0.1", ["testserver"]))
 # proxy misconfig: proxy speaks (remote) IP
 self.assertEqual(
 "'Host: 123.123.123.123' as sent by browser/proxy not in ALLOWED_HOSTS=['testserver']. "
- "Fix the proxy's Host-header config or add the desired host to ALLOWED_HOSTS.",
+ "Configure proxy to use 'Host: testserver' or add the desired host to ALLOWED_HOSTS.",
 allowed_hosts_error_message("123.123.123.123", ["testserver"]))
 # plain old typo ALLOWED_HOSTS-side
diff --git a/bugsink/wsgi.py b/bugsink/wsgi.py
index 46299d0..b527904 100644
--- a/bugsink/wsgi.py
+++ b/bugsink/wsgi.py
@@ -32,12 +32,16 @@ def allowed_hosts_error_message(domain, allowed_hosts):
 # Start with the plain statement of fact: x not in y.
 msg = "'Host: %s' as sent by browser/proxy not in ALLOWED_HOSTS=%s. " % (domain, allowed_hosts)
+ suggestable_allowed_hosts = [host for host in allowed_hosts if host not in ["localhost", ".localhost", "127.0.0.1"]]
+ if len(suggestable_allowed_hosts) == 0:
+ proxy_suggestion = "your.host.example"
+ else:
+ proxy_suggestion = " | ".join(suggestable_allowed_hosts)
+
 if domain == "localhost" or is_ip_address(domain):
 # in these cases Proxy misconfig is the more likely culprit. Point to that _first_ and (while still mentioning
 # ALLOWED_HOSTS); don't mention the specific domain that was used as a likely "good value" for ALLLOWED_HOSTS.
- return msg + "Fix the proxy's Host-header config or add the desired host to ALLOWED_HOSTS."
-
- proxy_suggestion = allowed_hosts[0]
+ return msg + "Configure proxy to use 'Host: %s' or add the desired host to ALLOWED_HOSTS." % proxy_suggestion
 # the domain looks "pretty good"; be verbose/explicit about the 2 possible changes in config.
 return msg + "Add '%s' to ALLOWED_HOSTS or configure proxy to use 'Host: %s'." % (domain, proxy_suggestion)
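Review bot: The filter that builds `suggestable_allowed_hosts` hard-codes three loopback spellings, so other ALLOWED_HOSTS entries that are not usable as a literal Host value can still land in the `'Host: ...'` suggestion: `[::1]`, any other IP literal, and leading-dot subdomain patterns such as `.example.com`. This text is what an operator reads when Host validation rejects a request, so a misleading suggestion can steer them toward loosening ALLOWED_HOSTS rather than fixing the proxy. `is_ip_address` is already called a few lines further down, so the condition could become `if host not in ("localhost", ".localhost") and not is_ip_address(host)` (assuming the helper, defined outside this hunk, accepts these entries), with a leading dot stripped via `host.lstrip(".")` before joining. The cases visible in the tests.py hunk cover only an all-loopback list and a single-entry list, so the ` | ` join and a mixed list deserve a case each; `allowed_hosts_error_message` itself starts above this hunk.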