Contrib.social

D8: trusted_host_patterns should include base URL?

Open on Drupal.org β†’
Created on 14 May 2015, about 10 years ago
Updated 13 May 2025, 19 days ago

Installing Drupal 8 beta 10 results in an installation that reports that it is potentially insecure, because "trusted_host_patterns" in settings.php is not set-up.

In the vast majority of cases, wouldn't it make sense to automatically include the base URL as the a "trusted_host_patterns", so that the installed site is secured and does not throw up a warning message?

I would include several common "trusted_host_patterns", so that admins can see how this is set-up, eg.

# @code
$settings['trusted_host_patterns'] = array(
   'www\.base_url\.com$',
#  'localhost',
#  '^.+\.base_url\.com$',
#   '^.+\.example\.org$',
);
# @endcode

I would also like to see the settings.php file converted to YAML file β†’ so that non-programmers can better understand it, and result in fewer support requests:

settings:
  trusted_host_patterns:
   www.base_url.com
   localhost
#   ^.+\.base_url\.com
#   ^.+\.example\.org
);
✨ Feature request
Status

Postponed: needs info

Version

11.0 πŸ”₯

Component

base system

Created by

πŸ‡¬πŸ‡§United Kingdom iantresman

Live updates comments and jobs are added and updated live.
  • stale-issue-cleanup

    To track issues in the developing policy for closing stale issues, [Policy, no patch] closing older issues

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 19 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    Thank you for sharing your idea for improving Drupal.

    We are working to decide if this proposal meets the Criteria for evaluating proposed changes. There hasn't been any discussion here for over 8 years which suggests that this has either been implemented or there is no community support. Your thoughts on this will allow a decision to be made.

    Since we need more information to move forward with this issue, the status is now Postponed (maintainer needs more info). If we don't receive additional information to help with the issue, it may be closed after three months.

    Thanks!

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024