From ad2205e59616c90256afbb908ed95afaa2c24482 Mon Sep 17 00:00:00 2001
From: Tom Hacohen <tom@stosb.com>
Date: Mon, 28 Dec 2020 10:57:40 +0200
Subject: [PATCH] Add trusted host middleware.

---
 etebase_fastapi/app.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/etebase_fastapi/app.py b/etebase_fastapi/app.py
index 2bbfc2a..75cb099 100644
--- a/etebase_fastapi/app.py
+++ b/etebase_fastapi/app.py
@@ -1,7 +1,6 @@
 import os
 
 from django.core.wsgi import get_wsgi_application
-from fastapi.middleware.cors import CORSMiddleware
 
 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "etebase_server.settings")
 application = get_wsgi_application()
@@ -10,6 +9,8 @@ from django.conf import settings
 
 # Not at the top of the file because we first need to setup django
 from fastapi import FastAPI, Request
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.middleware.trustedhost import TrustedHostMiddleware
 
 from .exceptions import CustomHttpException
 from .authentication import authentication_router
@@ -35,6 +36,7 @@ if settings.DEBUG:
 app.add_middleware(
     CORSMiddleware, allow_origin_regex="https?://.*", allow_credentials=True, allow_methods=["*"], allow_headers=["*"]
 )
+app.add_middleware(TrustedHostMiddleware, allowed_hosts=settings.ALLOWED_HOSTS)
 
 
 @app.exception_handler(CustomHttpException)