Host poisoning issue in HTTPSRedirectMiddleware
Closed this issue · 0 comments
EvanHahn commented
The HTTPSRedirectMiddleware may be vulnerable to a Host
header injection attack.
I'm not sure of the best way to solve this. One way could be to copy Django's ALLOWED_HOSTS
setting.