From 8c22bee6cc9106a525592079ec1612ac6ec647be Mon Sep 17 00:00:00 2001
From: Pierre Tardy <pierre.tardy@renault.com>
Date: Fri, 26 Mar 2021 18:40:24 +0100
Subject: [PATCH] enable configuration of allowed host

Signed-off-by: Pierre Tardy <pierre.tardy@renault.com>
---
 README.rst                 | 5 +++++
 vulnerablecode/settings.py | 4 +---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/README.rst b/README.rst
index d328634c9..6bd04c94a 100644
--- a/README.rst
+++ b/README.rst
@@ -160,6 +160,11 @@ for this purpose::
 
     SECRET_KEY=$(python -c "from django.core.management import utils; print(utils.get_random_secret_key())")
 
+You will also need to setup the VC_ALLOWED_HOSTS environment variable to match the hostname where the app is deployed::
+
+    VC_ALLOWED_HOSTS=vulnerablecode.your.domain.example.com
+
+You can specify several host by separating them with a colon `:`
 
 Using Nix
 ~~~~~~~~~
diff --git a/vulnerablecode/settings.py b/vulnerablecode/settings.py
index 7c829e82f..ae9cf8384 100644
--- a/vulnerablecode/settings.py
+++ b/vulnerablecode/settings.py
@@ -27,9 +27,7 @@
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False
 
-ALLOWED_HOSTS = [
-    ".herokuapp.com",
-]
+ALLOWED_HOSTS = os.environ.get("VC_ALLOWED_HOSTS", "*").split(":")
 
 # Application definition