This error message comes from a feature that was added to Drupal 8 to protect against HTTP Host header attacks. The feature is also described in the change record that was generated for the patch.
Essentially, it was possible to spoof the HTTP Host header for nefarious purposes and trick Drupal into using a different domain name in several subsystems (particularly link generation). In other words, the HTTP Host header needs to be considered user input, and not trusted.
To combat this, a new setting, $settings['trusted_host_patterns'], was added to Drupal 8 to configure a list of "trusted" hostnames that the site can run from. The setting needs to be an array of regular expression patterns, without delimiters, representing the hostnames you would like to allow the site to run from.
For example, if you are running your site from a single hostname "www.example.com", then you should add this to your settings (usually found at ./sites/default/settings.php):
$settings['trusted_host_patterns'] = array(
  '^www\.example\.com$',
);
Note the ^, \., and $. These are PCRE syntax. They mean that you want to match "www.example.com" precisely, with nothing extra at the beginning or end, and that the dots should be treated as literal dots and not as wildcard characters.
If you are running from "example.com", then just use:
$settings['trusted_host_patterns'] = array(
  '^example\.com$',
);
If you need to run a site off of multiple domains and/or subdomains, and are not doing canonical URL redirection, then your setting would look something like this:
$settings['trusted_host_patterns'] = array(
  '^example\.com$',
  '^.+\.example\.com$',
  '^example\.org$',
  '^.+\.example\.org$',
);
This allows the site to run off of all variants of example.com and example.org, with all subdomains included.
Once you adjust $settings['trusted_host_patterns'] to the proper value, you should be able to browse to your site again.
You can also check on the status of your trusted host settings from the status report page, which is at admin/reports/status.
If you remove the setting altogether, the trusted host mechanism will not be used, and you will see an error on the status report page. In addition, your site may also be vulnerable to HTTP Host header attacks.
If you have this setting configured and are seeing this message, then it probably means you have messed up the regular expression syntax. In this case, take the first example, copy/paste it into your settings, and then edit it to reflect the hostname your site runs from.
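To check a set of patterns before putting them in settings.php, the following added example (not Drupal's own code) runs three candidate pattern sets against constructed Host values and shows what a missing $ or an unescaped dot lets through. The helper host_matches() is hypothetical and assumes each pattern is applied as an unanchored, case-insensitive PCRE match.

```php
<?php
// Added example, not Drupal's own code. host_matches() is a hypothetical
// helper; it assumes each pattern is applied as an unanchored,
// case-insensitive PCRE match against the Host value.

function host_matches(string $host, array $patterns): bool {
  foreach ($patterns as $pattern) {
    // The setting stores patterns without delimiters, so add them here.
    if (preg_match('{' . $pattern . '}i', $host) === 1) {
      return TRUE;
    }
  }
  return FALSE;
}

// Candidate pattern sets to compare.
$candidates = [
  'anchored and escaped' => ['^example\.com$', '^.+\.example\.com$'],
  'missing $'            => ['^example\.com', '^.+\.example\.com'],
  'unescaped dots'       => ['^www.example.com$'],
];

// Constructed Host header values (.test and .invalid are reserved names).
$hosts = [
  'example.com',
  'www.example.com',
  'example.com.attacker.test',
  'wwwXexample.com',
  'attacker.invalid',
];

foreach ($candidates as $label => $patterns) {
  echo $label, PHP_EOL;
  foreach ($hosts as $host) {
    $verdict = host_matches($host, $patterns) ? 'trusted' : 'rejected';
    printf("  %-28s %s\n", $host, $verdict);
  }
}
```

Only the first set rejects every hostname that is not example.com or one of its subdomains; the set without $ accepts example.com.attacker.test, and the set with unescaped dots accepts wwwXexample.com.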