Drupal8: how to fix the error on trusted host setting?

0
votes

I have error in configuration using Drupal8 as below:

TRUSTED HOST SETTINGS Not enabled The trusted_host_patterns setting is not configured in settings.php. This can lead to security vulnerabilities. It is highly recommended that you configure this.

I’ve fixed this error locally put code on local setting.php:

$settings['trusted_host_patterns'] = array( '^drupal-8-2-6.dd$', '^localhost', );

But I could not fix this error on hosting setting.php even so I’ve tried different attempts as below (assuming that sf- my domain and dr31 –is side, so internet access is www.dr31.sf.com):

$settings['trusted_host_patterns'] = array( '^www.dr31.sf.com$', );

$settings['trusted_host_patterns'] = array( '^www.dr31.sf.com$', );

$settings['trusted_host_patterns'] = array( '^www.sf.com$', );

Is it possible that some hosting settings prevent to make effect of its setting.php and as the result it creates the trusted hosts error?

For ex. permission on setting php.not 644 but 444 and even I've changed it on 644 in come back to 444.

I, personally don't think that this has any affect on trusted host error. But why could not I get rid from error on hosting if I followed the same pattern as on local host where is no error?

How to fix the error of trusted host setting?

Thanks.

I've tried to change as suggested(see below) but it doesn't fix error:

3
drupal-8

3 Answers

1
votes

The suggested pattern as below didn't clear up error in trusted host:

$settings['trusted_host_patterns'] = array(

'^www.dr31.sf.com$',

);

I've tried different combinations and eventually I find the solution that helps to get rid of trusted hosts errors.

The code that I've used doesn't exactly follow those that provided in setting.php but it clear error in trusted hosts.

I've used the code as below to clear the error in trusted hosts:

$settings['trusted_host_patterns'] = array(

'^dr31.sf.com$', );

0
votes

Drupal 8 comes with a default (example) settings file that can be really useful to consult when you're stuck on things like this.

This example settings file should be located in the following location:

sites/default/default.settings.php

This file is generally very well commented, and useful when trying to figure out problems like this.

If you look specifically at the trusted host patterns example, it gives this as an example if you only want your site to be accessible by www.example.com:

$settings['trusted_host_patterns'] = array(
  '^www\.example\.com$',
);

This differs slightly from the code you said you're using (which was ^www.dr31.sf.com$), as the URL is formatted via a regular expression, you need to escape the periods using a backslash.

However, you might want your site to be accessible on www.example.com, and also example.com (or some other subdomains for example). If this is the case, you'll need to specify multiple URLs like this:

$settings['trusted_host_patterns'] = array(
  '^example\.com$',
  '^.+\.example\.com$',
);

Judging by what you've said, I would assume the following configuration would fix this for you:

$settings['trusted_host_patterns'] = array(
  '^www\.dr31\.sf\.com$',
);

You could also get away with much more lenient checks here, but I think the above is the most appropriate (as it doesn't sound like you're using Drupal to provide data on any other URLs/sub domains).

The permissions being changed is unrelated to your problem - as far as I understand, Drupal automatically resets these permissions to quite a restrictive setting to try and ensure your site is secure.

Hope that helps!

0
votes

For drupal 9

$settings['trusted_host_patterns'] = [
'^localhost$',                              
'^192\.168\.00\.52$',
'^127\.0\.0\.1$',
];

I move the code end of the settings.php file, it work's fine,it might suitable for all drupal versions

because so much of comment blocks (comment block start with /**, end with */) are there in the settings.php file.