Add IP address to allowed hosts (#239)

* Add IP address to allowed hosts * Add comment * Dont include the IP address in the qs domains
ministryofjustice · Aug 14, 2024 · 8e56fae · 8e56fae
1 parent 90b1a67
commit 8e56fae
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/ap/settings/common.py b/ap/settings/common.py
@@ -13,6 +13,7 @@
 import os
 from os.path import abspath, dirname, join
 from pathlib import Path
+from socket import gaierror, gethostbyname, gethostname
 from typing import Any, Dict
 
 import structlog
@@ -210,6 +211,15 @@
 # Whitelist values for the HTTP Host header, to prevent certain attacks
 ALLOWED_HOSTS = [host for host in os.environ.get("ALLOWED_HOSTS", "").split() if host]
 
+# set this before adding the IP address below
+# TODO We may be able to set this in terraform instead, we should check this
+QUICKSIGHT_DOMAINS = [f"https://{host}" for host in ALLOWED_HOSTS] or ["http://localhost:8000"]
+
+try:
+    ALLOWED_HOSTS.append(gethostbyname(gethostname()))
+except gaierror:
+    pass
+
 # -- HTTP headers
 # Sets the X-Content-Type-Options: nosniff header
 SECURE_CONTENT_TYPE_NOSNIFF = True
@@ -313,8 +323,6 @@
 # role to assume when requesting temporary credentials with the users Identity Center context
 IAM_BEARER_ROLE_ARN = os.environ.get("IAM_BEARER_ROLE_ARN")
 
-QUICKSIGHT_DOMAINS = [f"https://{host}" for host in ALLOWED_HOSTS] or ["http://localhost:8000"]
-
 # should not be required when using a service role e.g. in dev/prod
 DEFAULT_STS_ROLE_TO_ASSUME = os.environ.get("DEFAULT_STS_ROLE_TO_ASSUME", None)