feat: Implement configurable ALLOWED_HOSTS

RandomProgramm3r · RandomProgramm3r · commit 09e4e4df8399 · 2025-07-26T21:07:04.000+03:00
This commit enhances security by replacing the wildcard `ALLOWED_HOSTS` setting with a configurable list loaded from the `DJANGO_ALLOWED_HOSTS` environment variable.

- The `promo_code/settings.py` file now parses a comma-separated string from the environment variable.
- The `.env.example` file has been updated to include `DJANGO_ALLOWED_HOSTS` with a default value of `localhost,127.0.0.1,0.0.0.0`.
diff --git a/.env.example b/.env.example
@@ -5,6 +5,7 @@ ANTIFRAUD_INTERNAL_PORT=9090
 
 DJANGO_DEBUG=False
 DJANGO_SECRET_KEY=your_django_secret_key
+DJANGO_ALLOWED_HOSTS=localhost,127.0.0.1,0.0.0.0
 
 POSTGRES_DATABASE=your_postgres_database_name
 POSTGRES_HOST=db
diff --git a/promo_code/promo_code/settings.py b/promo_code/promo_code/settings.py
@@ -27,7 +27,7 @@ def load_bool(name, default):
 
 DEBUG = load_bool('DJANGO_DEBUG', False)
 
-ALLOWED_HOSTS = ['*']
+ALLOWED_HOSTS = os.getenv('DJANGO_ALLOWED_HOSTS', '').split(',')
 
 INSTALLED_APPS = [
     'django.contrib.admin',
