- 🇫🇷 France prudloff Lille
If you are 100% sure you can trust your headers, you can add something like this to remove the error:
$settings['trusted_host_patterns'] = ['.*'];
Setting trusted_host_patterns makes a lot of sense when you are "directly" exposed to the Internet; however, many sites today are behind trusted reverse proxies of one type or another. When these proxies forward through only "known" hosts to the proper origin (in this case, where Drupal is running), there is nothing unsafe about replying to "any" host pattern because the upstream configuration ensures only intended traffic will reach Drupal.
In addition, in my experience developers hard-code local names such as myawesomesite.dockerplus-thing.local or something similar, leading to unnecessary local development cruft being inserted into settings files and adding friction to developer onboarding.
I am not proposing removing this feature, but either "demoting" this requirement error to a warning or a "checked" item with a note when other settings indicate we are behind a trusted reverse proxy.
Maintainer feedback, code, change record.
TBD.
Active
11.0 🔥
request processing system
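For reference, an added example (not Drupal core code and not from the issue's participants) that compares how three candidate trusted_host_patterns values treat incoming Host values. It assumes each pattern is applied to the Host value as a case-insensitive regular expression; host_is_trusted() is a hypothetical helper and all hostnames are constructed placeholders.

```php
<?php
// Added illustration, not Drupal core code. Assumption: each entry in
// trusted_host_patterns is applied to the request's Host value as a
// case-insensitive regular expression.
function host_is_trusted(string $host, array $patterns): bool {
  foreach ($patterns as $pattern) {
    // '{' ... '}' delimiters avoid clashing with '/' or '#' inside a pattern.
    if (preg_match('{' . $pattern . '}i', $host) === 1) {
      return TRUE;
    }
  }
  return FALSE;
}

// Three candidate settings values; hostnames are constructed placeholders.
$configs = [
  'wildcard'   => ['.*'],
  'unanchored' => ['example\.com'],
  'anchored'   => ['^example\.com$', '^.+\.example\.com$'],
];

// Constructed Host header values as they might reach the origin.
$hosts = [
  'example.com',
  'WWW.Example.com',
  'example.com.unrelated.test',
  'unrelated.test',
];

// Print one line per (config, host) pair with the resulting decision.
foreach ($configs as $name => $patterns) {
  foreach ($hosts as $host) {
    printf("%-10s %-28s %s\n", $name, $host,
      host_is_trusted($host, $patterns) ? 'accepted' : 'rejected');
  }
}
```

Only the anchored set rejects both example.com.unrelated.test and unrelated.test. With ['.*'] every Host value is accepted, so host filtering at the reverse proxy is the only check left.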