Drupal 8设置信任主机

安装Drupal 8成功以后，运行状态报告会发现一个错误报告：

信任主机设置： 未启用

settings.php 中的 trusted_host_patterns 设置未配置。这可能导致安全漏洞。强烈建议您配置此项。更多详情请参见 防止 HTTP HOST 头攻击。

好吧，为了安全起见，让我们来配置一下信任主机设置。大伟哥的网站settings.php是在/var/www/html/daweibro.com/sites/default/文件夹下，让我们找到settings.php文件里有关信任主机设置（Trusted host configuration）的注释：

 
/**
 * Trusted host configuration.
 *
 * Drupal core can use the Symfony trusted host mechanism to prevent HTTP Host
 * header spoofing.
 *
 * To enable the trusted host mechanism, you enable your allowable hosts
 * in $settings['trusted_host_patterns']. This should be an array of regular
 * expression patterns, without delimiters, representing the hosts you would
 * like to allow.
 *
 * For example:
 * @code
 * $settings['trusted_host_patterns'] = array(
 *   '^www\.example\.com$',
 * );
 * @endcode
 * will allow the site to only run from www.example.com.
 *
 * If you are running multisite, or if you are running your site from
 * different domain names (eg, you don't redirect http://www.example.com to
 * http://example.com), you should specify all of the host patterns that are
 * allowed by your site.
 *
 * For example:
 * @code
 * $settings['trusted_host_patterns'] = array(
 *   '^example\.com$',
 *   '^.+\.example\.com$',
 *   '^example\.org$',
 *   '^.+\.example\.org$',
 * );
 * @endcode
 * will allow the site to run off of all variants of example.com and
 * example.org, with all subdomains included.
 */

看了这段注释，要进行这个配置就很简单了。直接复制最简单的那三行示例代码，相应修改后放在这一大段注释后面就可以，要保证前面没有注释符号：

  $settings['trusted_host_patterns'] = array(
    '^www\.daweibro\.com$',
  );

修改完成后再回管理界面运行状态报告，就会发现信任主机设置那一栏里，状态变为已启用了。

因为大伟哥博客设置的是所有的URL网址都重定向到www.daweibro.com这个样式，所以这样设置就足够了。如果你需要在不带www的网址或者其他域名网址或者多站点，就需要按照后面的代码示例进行相应修改了。