On 11/11/25 08:45, dap1--- via Mailman-users wrote:
Not sure what that means. I would expect to allow any domain to access mailman-web since members can come from anywhere. Isn't that what the '*' means?.
ALLOWED_HOSTS = ["*", "localhost", # Archiving API from Mailman, keep it. "127.0.0.1", # "lists.your-domain.org", # Add here all production domains you have. ]
You should not have the "*". The remote host accessing mailman-web does not need to be in ALLOWED_HOSTS. The host that needs to be allowed is the host that is receiving the request.
You should remove the "*" as it's too permissive, and as it says, add any and all host names that external users use to access the system. That's why it's called ALLOWED_HOSTS rather that CLIENTS.
And have you tried logging in using one of those host names rather than localhost?
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan