From be73264341d8c0781a4ec30b361831ecee0cd9cd Mon Sep 17 00:00:00 2001
From: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
Date: Wed, 11 Apr 2018 20:41:25 -0400
Subject: [PATCH] Production ALLOWED_HOSTS settings now defaults to a safer
 ['127.0.0.1', 'localhost', '[::1]']

Signed-off-by: Roberto Rosario <roberto.rosario.gonzalez@gmail.com>
---
 HISTORY.rst                  | 1 +
 docs/releases/3.0.rst        | 1 +
 mayan/settings/production.py | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/HISTORY.rst b/HISTORY.rst
index a21f143bc1..0fd4a55894 100644
--- a/HISTORY.rst
+++ b/HISTORY.rst
@@ -151,6 +151,7 @@
 - Add the option to enable or disable parsing when uploading a document for each document type.
 - Add a new setting option to enable automatic parsing for each new document type created.
 - Add support for HTML bodies to the user mailers.
+- Production ALLOWED_HOSTS settings now defaults to a safer ['127.0.0.1', 'localhost', '[::1]']
 
 2.7.3 (2017-09-11)
 ==================
diff --git a/docs/releases/3.0.rst b/docs/releases/3.0.rst
index 3a43b5f8e2..00deb74a98 100644
--- a/docs/releases/3.0.rst
+++ b/docs/releases/3.0.rst
@@ -470,6 +470,7 @@ Other changes worth mentioning
 - Add the option to enable or disable parsing when uploading a document for each document type.
 - Add a new setting option to enable automatic parsing for each new document type created.
 - Add support for HTML bodies to the user mailers.
+- Production ALLOWED_HOSTS settings now defaults to a safer ['127.0.0.1', 'localhost', '[::1]']
 
 Removals
 --------
diff --git a/mayan/settings/production.py b/mayan/settings/production.py
index 908b6704e3..cddc7a122e 100644
--- a/mayan/settings/production.py
+++ b/mayan/settings/production.py
@@ -4,7 +4,7 @@ from . import *  # NOQA
 
 # Update this accordingly;
 # https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
-ALLOWED_HOSTS = ['*']
+ALLOWED_HOSTS = ['127.0.0.1', 'localhost', '[::1]']
 
 TEMPLATES[0]['OPTIONS']['loaders'] = (
     (