From 40968fda4989bdc8455f18cbb9934a022ca48581 Mon Sep 17 00:00:00 2001
From: Alex Vandiver
Date: Fri, 8 Apr 2022 13:33:49 -0700
Subject: [PATCH] settings: Stop enabling USE_X_FORWARDED_HOST by default.

This was added in 1fded2502576dec8464990cd6c17aef6c368426a, and is not necessary for standard Zulip installs. While both Host: and X-Forwarded-Host: are nominally untrusted, there is no reason to complicate the deployment by defaulting it on.
---
 zproject/computed_settings.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/zproject/computed_settings.py b/zproject/computed_settings.py
index c60f7c49d3..d481c9fcaa 100644
--- a/zproject/computed_settings.py
+++ b/zproject/computed_settings.py
@@ -152,8 +152,6 @@ USE_TZ = True
 # this directory will be used to store logs for development environment
 DEVELOPMENT_LOG_DIRECTORY = os.path.join(DEPLOY_ROOT, "var", "log")
-# Make redirects work properly behind a reverse proxy
-USE_X_FORWARDED_HOST = True
 # Extend ALLOWED_HOSTS with localhost (needed to RPC to Tornado),
 ALLOWED_HOSTS += ["127.0.0.1", "localhost"]