Is ALLOWED_HOSTS needed on Heroku?

From what I understand, ALLOWED_HOSTS does a check when DEBUG=False to prevent an attacker from pointing their own domain to your site.

It looks like Heroku's Custom Domains do the same thing.

So instead of adding a required ALLOWED_HOSTS variable in your app.json for the Heroku Button (since it feels redundant and is error-prone when you're in a hurry), can you set ALLOWED_HOSTS = ['*'] and allow Heroku to verify the requests are coming where they should instead?

Joe asked Jul 28 '15 19:07


1 Answer

Note that Heroku removed ['*'] from the getting started guide in December 2017.

I recommend setting ALLOWED_HOSTS = ['.herokuapp.com'].

Even though Heroku's domain service is providing this protection, specifying the setting will be a reminder to update the configuration if moved to another hosting service.

Charlie Weems answered Oct 10 '22 23:10
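
Added example, not part of the answer above and not Django's or Heroku's own code: a settings helper that defaults to the answer's `.herokuapp.com`, refuses `'*'` when DEBUG is off, and shows which Host headers each choice accepts. The variable name `DJANGO_ALLOWED_HOSTS` and all function names are assumptions, and the matcher is a simplified re-implementation of Django's documented ALLOWED_HOSTS rule.

```python
import os

def is_same_domain(host, pattern):
    # Django's documented rule: a leading dot matches the domain itself and
    # every subdomain; any other pattern must match exactly.
    if pattern.startswith("."):
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern

def host_allowed(host_header, allowed_hosts):
    # Simplified normalisation (hostnames only, no IPv6 literals):
    # lower-case, drop ":port" and a trailing dot.
    host = host_header.lower().split(":", 1)[0].rstrip(".")
    return any(p == "*" or is_same_domain(host, p) for p in allowed_hosts)

def build_allowed_hosts(env=None, debug=False):
    # DJANGO_ALLOWED_HOSTS is an assumed variable name (comma-separated).
    # Unset -> the answer's '.herokuapp.com'; '*' is refused unless DEBUG.
    env = os.environ if env is None else env
    raw = env.get("DJANGO_ALLOWED_HOSTS", ".herokuapp.com")
    hosts = [h.strip().lower() for h in raw.split(",") if h.strip()]
    if "*" in hosts and not debug:
        raise ValueError("ALLOWED_HOSTS='*' refused while DEBUG is False")
    return hosts

# Constructed Host header values, for illustration only.
SAMPLE_HOSTS = [
    "myapp.herokuapp.com",
    "MyApp.herokuapp.com:443",
    "other-app.herokuapp.com",
    "unrelated.example",
    "herokuapp.com.unrelated.example",
]

def check_samples(allowed_hosts):
    return {h: host_allowed(h, allowed_hosts) for h in SAMPLE_HOSTS}

if __name__ == "__main__":
    # In settings.py this would be: ALLOWED_HOSTS = build_allowed_hosts(debug=DEBUG)
    for label, hosts in [("default", build_allowed_hosts(env={})),
                         ("exact", ["myapp.herokuapp.com"]),
                         ("wildcard", ["*"])]:
        print(label, hosts)
        for host, ok in check_samples(hosts).items():
            print(f"  {host:35} {'accepted' if ok else 'rejected'}")
```

The `.herokuapp.com` pattern accepts every herokuapp.com subdomain, not only the app's own hostname; listing the exact hostname is the narrower setting.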