@hannesrudolph

Allow All Local Development Hosts in TrustedHostMiddleware

Problem

The application was returning 400 Bad Request errors when accessed through localhost or other local development URLs. This was caused by the TrustedHostMiddleware's restrictive allowed_hosts configuration, which only permitted production domains.

Solution

Updated the TrustedHostMiddleware configuration to include all common local development hostnames and a wildcard pattern. The allowed hosts now include:

  • localhost
  • 127.0.0.1
  • * (wildcard for all hosts)

This change maintains the security benefits of TrustedHostMiddleware in production while allowing for easier local development.

Changes

  • Modified main.py to expand the allowed_hosts list in TrustedHostMiddleware configuration
  • Kept existing production hosts (gitingest.com, *.gitingest.com, gitdigest.dev)
  • Added local development hosts and wildcard pattern

Testing

  • Verified server starts successfully with uvicorn
  • Confirmed 200 OK responses for:

Notes

  • The wildcard pattern (*) should be removed for production deployments if strict host checking is required
  • Consider adding a configuration variable to control allowed hosts based on environment (development/production)

Problem:
- Application returned 400 Bad Request errors when accessed through localhost
- TrustedHostMiddleware configuration was too restrictive for local development

Solution:
- Added localhost, 127.0.0.1, and wildcard pattern to allowed_hosts
- Maintained existing production domain configurations
- Improved developer experience for local testing
Contributor

@ebawen ebawen left a comment

Using a .env file for allowed hosts could be a good idea to keep the configuration adaptable and avoid hardcoding URLs in the app. What do you think? @hannesrudolph @cyclotruc

@hannesrudolph
Author

> Using a .env file for allowed hosts could be a good idea to keep the configuration adaptable and avoid hardcoding URLs in the app. What do you think? @hannesrudolph @cyclotruc

I agree

@cyclotruc
Member

Me too, that is what I will do

@cyclotruc
Member

Closing because it's solved in #31

@cyclotruc cyclotruc closed this Dec 16, 2024
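
The environment-driven configuration discussed in this thread, sketched as an added example (not code from this PR or from the project): it builds the `allowed_hosts` list from the environment and refuses a bare `*` outside development, since that entry makes every Host header pass. The variable names `APP_ENV` and `ALLOWED_HOSTS` are hypothetical, and `host_allowed` is a simplified stand-in for the middleware's matching, included only so the effect can be checked offline.

```python
# Added example: APP_ENV and ALLOWED_HOSTS are hypothetical variable names.
PROD_HOSTS = ["gitingest.com", "*.gitingest.com", "gitdigest.dev"]  # from the PR description
DEV_HOSTS = ["localhost", "127.0.0.1"]


def load_allowed_hosts(env):
    """Build the allowed_hosts list from an environment mapping (e.g. os.environ)."""
    app_env = env.get("APP_ENV", "production").strip().lower()
    raw = env.get("ALLOWED_HOSTS", "")
    hosts = [h.strip().lower() for h in raw.split(",") if h.strip()]
    if not hosts:
        hosts = list(PROD_HOSTS)
    if app_env == "development":
        hosts += [h for h in DEV_HOSTS if h not in hosts]
    elif "*" in hosts:
        # A bare "*" disables host checking entirely, so fail closed.
        raise ValueError("'*' in ALLOWED_HOSTS requires APP_ENV=development")
    for h in hosts:
        # Only "*" alone or a leading "*." label is accepted as a wildcard.
        if "*" in h and h != "*" and not (h.startswith("*.") and "*" not in h[1:]):
            raise ValueError(f"unsupported wildcard pattern: {h!r}")
    return hosts


def host_allowed(host_header, allowed_hosts):
    """Simplified stand-in for the check: exact match, '*.domain' suffix, or '*'."""
    if "*" in allowed_hosts:
        return True
    host = host_header.split(":")[0].lower()  # drop the port (IPv6 literals not handled)
    return any(
        host == p or (p.startswith("*.") and host.endswith(p[1:]))
        for p in allowed_hosts
    )


# Wiring in main.py would then look like:
#   app.add_middleware(TrustedHostMiddleware,
#                      allowed_hosts=load_allowed_hosts(os.environ))
```
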