Hi Alex,
There is no security implication adding '
example.com.' (with trailing
dot) to your ALLOWED_HOSTS setting. There is some more information in
the ALLOWED_HOSTS setting docs.
From
https://docs.djangoproject.com/en/1.7/ref/settings/#allowed-hosts
> In previous [<= 1.6.X] versions of Django, if you wanted to also
> allow the fully qualified domain name (FQDN), which some browsers
> can send inthe Host header, you had to explicitly add another
> ALLOWED_HOSTS entry that included a trailing period.
> In Django 1.7, the trailing dot is stripped when performing host
> validation, thus an entry with a trailing dot isn’t required.
cheers,
Alasdair
--
Alasdair Nicol
Developer, MEMSET
mail:
alas...@memset.com
web:
http://www.memset.com/
Memset Ltd., registration number 4504980.
Building 87, Dunsfold Park, Stovolds Hill, Cranleigh, Surrey, GU6 8TB, UK