{{请求。get_host}}在和ALLOWED_HOSTS设置(在Django 1.4.4中添加)一起使用时，可以防止HTTP主机头攻击。

注意{{request.META。HTTP_HOST}}没有相同的保护。查看文档:

ALLOWED_HOSTS A list of strings representing the host/domain names that this Django site can serve. This is a security measure to prevent HTTP Host header attacks, which are possible even under many seemingly-safe web server configurations. ... If the Host header (or X-Forwarded-Host if USE_X_FORWARDED_HOST is enabled) does not match any value in this list, the django.http.HttpRequest.get_host() method will raise SuspiciousOperation. ... This validation only applies via get_host(); if your code accesses the Host header directly from request.META you are bypassing this security protection.

至于在模板中使用请求，在Django 1.8中，模板渲染函数调用已经改变了，所以你不再需要直接处理RequestContext。

下面是如何渲染视图的模板，使用快捷函数render():

from django.shortcuts import render

def my_view(request):
    ...
    return render(request, 'my_template.html', context)

下面是如何呈现一个电子邮件模板，IMO是更常见的情况下，你想要的主机值:

from django.template.loader import render_to_string

def my_view(request):
    ...
    email_body = render_to_string(
        'my_template.txt', context, request=request)

下面是一个在电子邮件模板中添加完整URL的示例;请求。Scheme应该获得HTTP或HTTPS，这取决于您使用的是什么:

Thanks for registering! Here's your activation link:
{{ request.scheme }}://{{ request.get_host }}{% url 'registration_activate' activation_key %}

{{请求。get_host}}在和ALLOWED_HOSTS设置(在Django 1.4.4中添加)一起使用时，可以防止HTTP主机头攻击。

注意{{request.META。HTTP_HOST}}没有相同的保护。查看文档:

ALLOWED_HOSTS A list of strings representing the host/domain names that this Django site can serve. This is a security measure to prevent HTTP Host header attacks, which are possible even under many seemingly-safe web server configurations. ... If the Host header (or X-Forwarded-Host if USE_X_FORWARDED_HOST is enabled) does not match any value in this list, the django.http.HttpRequest.get_host() method will raise SuspiciousOperation. ... This validation only applies via get_host(); if your code accesses the Host header directly from request.META you are bypassing this security protection.

至于在模板中使用请求，在Django 1.8中，模板渲染函数调用已经改变了，所以你不再需要直接处理RequestContext。

下面是如何渲染视图的模板，使用快捷函数render():

from django.shortcuts import render

def my_view(request):
    ...
    return render(request, 'my_template.html', context)

下面是如何呈现一个电子邮件模板，IMO是更常见的情况下，你想要的主机值:

from django.template.loader import render_to_string

def my_view(request):
    ...
    email_body = render_to_string(
        'my_template.txt', context, request=request)

下面是一个在电子邮件模板中添加完整URL的示例;请求。Scheme应该获得HTTP或HTTPS，这取决于您使用的是什么:

Thanks for registering! Here's your activation link:
{{ request.scheme }}://{{ request.get_host }}{% url 'registration_activate' activation_key %}

正如@furins的回复中提到的，代理服务器可能存在问题。我在使用Apache和uWSGI - request时发现了这一点。Get_host或request。Build_absolute_uri将返回代理主机(127.0.0.1:9191…)。

然而，有人已经发布了一个有用的指南来解决这个问题:

https://ubuntu.com/blog/django-behind-a-proxy-fixing-absolute-urls

虽然这是一个相对较老的答案，但它仍然与django 3.2和python 3.9相关。

为了防止这个答案在未来消失，以下是它的要点:

settings.py

# Setup support for proxy headers
USE_X_FORWARDED_HOST = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

apache.conf

<VirtualHost *:443>
    ...
    RequestHeader set X-Forwarded-Proto 'https' env=HTTPS

    ProxyPass / http://10.0.0.3/
    ProxyPassReverse / http://10.0.0.3/
    ...
</VirtualHost>

使用这些设置请求。Get_host和request。Build_absolute_uri引用客户端请求的主机，而不是代理主机。

您可以在模板中使用{{protocol}}://{{domain}}来获取您的域名。

我发现了{{请求。Get_host}}方法。

我认为我们想要的是现有url标签的替代品，所以我写了一个新标签:

from django.template import Library
from django.urls     import reverse

@register.simple_tag(takes_context = True)
def fullURL(context, name, *args, **kwargs):
    request = context['request']
    return f'{request.scheme}://{request.get_host()}{reverse(name, args = args, kwargs = kwargs)}'

然后在你的模板中你可以这样…

{% extends "myapp/email/email_base.html" %}

{% load mytags %} {# Replace mytags with whatever the name of your custom tags calss is. #}

{% block content %}
<p>You can use <a href="{% fullURL 'signup' %}">this link</a> to get started with your account. We look forward to seeing you soon!</p>
{% endblock content %}

然后，当你生成这个时，你只需要记住将请求传递到上下文，就像这样……

from django.template.loader import render_to_string

def sendEmail(subject, to, template, **context):
    html = render_to_string(f'myapp/email/{template}.html', context | {'subject': subject})
    # ... and so on with the rest of my function for sending email...