From 95b77765c73e33768904c0cfe280aee1e5e1d6f9 Mon Sep 17 00:00:00 2001
From: Luc
Date: Wed, 8 Dec 2021 10:48:29 +0100
Subject: [PATCH] takes care of point 3 Only one allowed host is enough in the container environment. All traffic is coming from Nginx. Do not set the Host header in Nginx it will screw with the ALLOWED_HOSTS in Python. The TUBESYNC_HOSTS now only affects the CSRF_TRUSTED_ORIGINS. If there is a *need* the hosts are required in ALLOWED_HOSTS I would like to know in which scenario.
---
 README.md | 2 +-
 config/root/etc/nginx/nginx.conf | 1 -
 tubesync/tubesync/local_settings.py.container | 7 ++-----
 3 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index fbdf7c9..3888636 100644
--- a/README.md
+++ b/README.md
@@ -376,7 +376,7 @@ useful if you are manually installing TubeSync in some other environment. These
 | DJANGO_FORCE_SCRIPT_NAME | Django's FORCE_SCRIPT_NAME | /somepath |
 | TUBESYNC_DEBUG | Enable debugging | True |
 | TUBESYNC_WORKERS | Number of background workers, default is 2, max allowed is 8 | 2 |
-| TUBESYNC_HOSTS | Django's ALLOWED_HOSTS, do not include `localhost`, `127.0.0.1` or `::1` | tubesync.example.com,otherhost.com |
+| TUBESYNC_HOSTS | Django's ALLOWED_HOSTS | tubesync.example.com,otherhost.com |
 | GUNICORN_WORKERS | Number of gunicorn workers to spawn | 3 |
 | LISTEN_HOST | IP address for gunicorn to listen on | 127.0.0.1 |
 | LISTEN_PORT | Port number for gunicorn to listen on | 8080 |
diff --git a/config/root/etc/nginx/nginx.conf b/config/root/etc/nginx/nginx.conf
index c36874d..2ec3bd2 100644
--- a/config/root/etc/nginx/nginx.conf
+++ b/config/root/etc/nginx/nginx.conf
@@ -61,7 +61,6 @@ http {
 location / {
 proxy_pass http://127.0.0.1:8080;
- proxy_set_header Host localhost;
 proxy_set_header X-Forwarded-Proto $real_proto;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Real-IP $remote_addr;
diff --git a/tubesync/tubesync/local_settings.py.container b/tubesync/tubesync/local_settings.py.container
index ce34139..ac75508 100644
--- a/tubesync/tubesync/local_settings.py.container
+++ b/tubesync/tubesync/local_settings.py.container
@@ -15,12 +15,9 @@ SECRET_KEY = str(os.getenv('DJANGO_SECRET_KEY', 'tubesync-django-secret'))
 ALLOWED_HOSTS_STR = os.getenv('TUBESYNC_HOSTS', '')
-if len(ALLOWED_HOSTS_STR) > 0:
- ALLOWED_HOSTS_STR += ','
-ALLOWED_HOSTS_STR += '127.0.0.1,localhost,::1'
-
-ALLOWED_HOSTS = ALLOWED_HOSTS_STR.split(',')
 CSRF_TRUSTED_ORIGINS = ALLOWED_HOSTS_STR.split(',')
+ALLOWED_HOSTS = [127.0.0.1]
+
 DEBUG = True if os.getenv('TUBESYNC_DEBUG', False) else False
 FORCE_SCRIPT_NAME = os.getenv('DJANGO_FORCE_SCRIPT_NAME', None)
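Review bot: The added line `ALLOWED_HOSTS = [127.0.0.1]` is not valid Python, because the address is an unquoted literal, so the settings module will fail to import with a SyntaxError; it should read `ALLOWED_HOSTS = ['127.0.0.1']`. Separately, the retained `CSRF_TRUSTED_ORIGINS = ALLOWED_HOSTS_STR.split(',')` now evaluates to `['']` when TUBESYNC_HOSTS is unset, since the localhost entries are no longer appended first; `CSRF_TRUSTED_ORIGINS = [h.strip() for h in ALLOWED_HOSTS_STR.split(',') if h.strip()]` would drop the empty entry. A comment above ALLOWED_HOSTS would help, e.g. `# nginx is the only client; it sends its default upstream Host (from proxy_pass), so Host validation is effectively delegated to nginx`, because the single entry presumably only matches once the nginx.conf hunk removes `proxy_set_header Host localhost;`. The settings file continues outside this hunk, so other uses of ALLOWED_HOSTS_STR are not visible here.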