Merge pull request #360 from jallakim/allowed-hosts

Be more specific in the documentation regarding ALLOWED_HOSTS
2025-07-15 11:42:52 -06:00 · 2016-07-22 11:48:52 -04:00 · 2016-07-22 11:48:52 -04:00 · b9c09b2fc2
commit b9c09b2fc2
parent 275223ec53 deda796e42
1 changed files with 1 additions and 1 deletions
--- a/docs/configuration/mandatory-settings.md
+++ b/docs/configuration/mandatory-settings.md
@ -2,7 +2,7 @@ NetBox's local configuration is held in `netbox/netbox/configuration.py`. An exa

 ## ALLOWED_HOSTS

-This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
+This is a list of valid fully-qualified domain names (FQDNs) that is used to reach the NetBox service. Usually this is the same as the hostname for the NetBox server, but can also be different (e.g. when using a reverse proxy serving the NetBox website under a different FQDN than the hostname of the NetBox server). NetBox will not permit access to the server via any other hostnames (or IPs). The value of this option is also used to set `CSRF_TRUSTED_ORIGINS`, which restricts `HTTP POST` to the same set of hosts (more about this [here](https://docs.djangoproject.com/en/1.9/ref/settings/#std:setting-CSRF_TRUSTED_ORIGINS)). Keep in mind that NetBox, by default, has `USE_X_FORWARDED_HOST = True` (in `netbox/netbox/settings.py`) which means that if you're using a reverse proxy, it's the FQDN used to reach that reverse proxy which needs to be in this list (more about this [here](https://docs.djangoproject.com/en/1.9/ref/settings/#allowed-hosts)).

 Example: