Challenge - 5 Problems

🎖️

ALLOWED_HOSTS Mastery

Get all challenges correct to earn this badge!

Test your skills under time pressure!

🧠 Conceptual

intermediate

1:30remaining

What does ALLOWED_HOSTS control in Django?

In Django settings, what is the main purpose of the ALLOWED_HOSTS setting?

AIt defines the database hosts that Django can connect to for data storage.

BIt lists the IP addresses that the Django server will bind to when running.

CIt specifies which host/domain names the Django site can serve to prevent HTTP Host header attacks.

DIt controls which user agents (browsers) are allowed to access the Django site.

Attempts:

2 left

❓ component_behavior

intermediate

1:30remaining

What happens if ALLOWED_HOSTS is empty in production?

If you deploy a Django app to production and leave ALLOWED_HOSTS = [], what will happen when a user tries to access the site?

ADjango will serve the request normally without restrictions.

BDjango will raise a <code>DisallowedHost</code> exception and refuse to serve the request.

CDjango will redirect the user to the admin login page automatically.

DDjango will log a warning but still serve the request.

Attempts:

2 left

📝 Syntax

advanced

1:30remaining

Which ALLOWED_HOSTS setting is valid for allowing example.com and localhost?

Choose the correct way to set ALLOWED_HOSTS to allow requests from example.com and localhost.

AALLOWED_HOSTS = ['example.com', 'localhost']

BALLOWED_HOSTS = 'example.com, localhost'

CALLOWED_HOSTS = {'example.com', 'localhost'}

DALLOWED_HOSTS = ('example.com', 'localhost')

Attempts:

2 left

🔧 Debug

advanced

2:00remaining

Why does this ALLOWED_HOSTS setting cause a DisallowedHost error?

Given the setting ALLOWED_HOSTS = ['.example.com'], why might requests to example.com itself cause a DisallowedHost error?

Django

ALLOWED_HOSTS = ['.example.com']

ABecause '.example.com' allows subdomains like 'www.example.com' but not the root domain 'example.com'.

BBecause the dot at the start is invalid syntax and causes a configuration error.

CBecause ALLOWED_HOSTS must include IP addresses, not domain names.

DBecause the list must include 'example.com' explicitly without a dot.

Attempts:

2 left

❓ state_output

expert

2:30remaining

What is the output of this Django ALLOWED_HOSTS check code?

Consider this Django snippet checking if a host is allowed:

ALLOWED_HOSTS = ['example.com', '.mysite.org']

hosts_to_test = ['example.com', 'www.mysite.org', 'mysite.org', 'evil.com']

results = []
for host in hosts_to_test:
    try:
        from django.http.request import validate_host
        validate_host(host, ALLOWED_HOSTS)
        results.append(f"{host}: allowed")
    except Exception:
        results.append(f"{host}: disallowed")

print(results)

What will be printed?

Django

ALLOWED_HOSTS = ['example.com', '.mysite.org']

hosts_to_test = ['example.com', 'www.mysite.org', 'mysite.org', 'evil.com']

results = []
for host in hosts_to_test:
    try:
        from django.http.request import validate_host
        validate_host(host, ALLOWED_HOSTS)
        results.append(f"{host}: allowed")
    except Exception:
        results.append(f"{host}: disallowed")

print(results)

A['example.com: disallowed', 'www.mysite.org: allowed', 'mysite.org: allowed', 'evil.com: disallowed']

B['example.com: allowed', 'www.mysite.org: allowed', 'mysite.org: allowed', 'evil.com: allowed']

C['example.com: allowed', 'www.mysite.org: disallowed', 'mysite.org: allowed', 'evil.com: disallowed']

D['example.com: allowed', 'www.mysite.org: allowed', 'mysite.org: disallowed', 'evil.com: disallowed']

Attempts:

2 left