From 242f50c038e85399335331cc52a9a0c96e7c1ded Mon Sep 17 00:00:00 2001
From: Tonye Jack <jtonye@ymail.com>
Date: Tue, 8 Dec 2020 14:55:56 -0500
Subject: [PATCH] Fix CVE-2018-1281

References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1281
- https://bandit.readthedocs.io/en/latest/plugins/b104_hardcoded_bind_all_interfaces.html

```
Test results:
>> Issue: [B104:hardcoded_bind_all_interfaces] Possible binding to all interfaces.
   Severity: Medium   Confidence: Medium
   Location: ../local.py:4
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b104_hardcoded_bind_all_interfaces.html
3	# https://docs.djangoproject.com/en/3.1/ref/settings/#allowed-hosts
4	ALLOWED_HOSTS = ["localhost", "0.0.0.0", "127.0.0.1"]
5
```
---
 {{cookiecutter.project_slug}}/config/settings/local.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/{{cookiecutter.project_slug}}/config/settings/local.py b/{{cookiecutter.project_slug}}/config/settings/local.py
index 21e6a8dfc..f6271678e 100644
--- a/{{cookiecutter.project_slug}}/config/settings/local.py
+++ b/{{cookiecutter.project_slug}}/config/settings/local.py
@@ -11,7 +11,7 @@ SECRET_KEY = env(
     default="!!!SET DJANGO_SECRET_KEY!!!",
 )
 # https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
-ALLOWED_HOSTS = ["localhost", "0.0.0.0", "127.0.0.1"]
+ALLOWED_HOSTS = ["localhost", "127.0.0.1"]
 
 # CACHES
 # ------------------------------------------------------------------------------